1) If anyone is interested -- After hack the following updates were applied by Windows Update. This is what some companies are paying $200 per PC per year for!
Windows XP support will be available after April 8—just not for you | PCWorld :
Security Update for WEPOS and POSReady 2009 (KB2993651)
MS14-045: Description of the security update for kernel-mode drivers: August 27, 2014
https://technet.microsoft.com/en-us/library/security/ms14-045.aspx
Update for WEPOS and POSReady 2009 (KB2981580)
August 2014 cumulative time zone update for Windows operating systems
Cumulative Security Update for Internet Explorer 8 for WEPOS and POSReady 2009 (KB2976627)
MS14-051: Cumulative security update for Internet Explorer: August 12, 2014
https://technet.microsoft.com/en-us/library/security/ms14-051.aspx
Windows Malicious Software Removal Tool - August 2014 (KB890830)
The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running supported versions of Windows
Security Update for WEPOS and POSReady 2009 (KB2961072)
MS14-040: Description of the security update for an ancillary function driver: July 8, 2014
https://technet.microsoft.com/en-us/library/security/ms14-040.aspx
Security Update for WEPOS and POSReady 2009 (KB2957509)
MS14-036: Description of the security update for Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista, and Windows Server 2003: June 10, 2014
https://technet.microsoft.com/en-us/library/security/ms14-036.aspx
Security Update for WEPOS and POSReady 2009 (KB2957503)
MS14-036: Description of the security update for Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista, and Windows Server 2003: June 10, 2014
https://technet.microsoft.com/en-us/library/security/ms14-036.aspx
Security Update for WEPOS and POSReady 2009 (KB2939576)
MS14-033: Description of the security update for MSXML: June 10, 2014
https://technet.microsoft.com/en-us/library/security/ms14-033.aspx
Security Update for Microsoft .NET Framework 4 on Windows Server 2003, Vista, Windows 7, Server 2008 x86 (KB2931365)
MS14-026: Description of the security update for the .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2: May 13, 2014
https://technet.microsoft.com/en-us/library/security/ms14-026.aspx
Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 (KB2932079)
MS14-026: Description of the security update for the .NET Framework 2.0 Service Pack 2 on Windows XP and Windows Server 2003: May 13, 2014
https://technet.microsoft.com/en-us/library/security/ms14-026.aspx
Security Update for WEPOS and POSReady 2009 (KB2926765)
MS14-027: Description of the security update for Windows: May 13, 2014
https://technet.microsoft.com/en-us/library/security/ms14-027.aspx
Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.183.935.0)
Description of Microsoft Security Essentials and of the definition file updates for beta version 2.0.0375.0
2014 Microsoft Security TechCenter Bulletin Index with links to details
Security Bulletins 2014
After updating 2 physical and 3 VM 32 Bit XP SP3 systems, no problems noticed. Microsoft Security Essentials scanned with updated definitions. Note: Systems also run Malwarebytes Anti-Malware
2) To answer Vista question -- Wikipedia shows Windows Embedded POSReady Versions below. None are bases on Vista:
Windows Embedded for Point of Service V1
This was a specially designed subversion of Windows XP Embedded designed for use in Point of Service situations. Mainstream support for version 1.1 SP3 ended in April 2011 and extended support will end in April 2016.
Windows Embedded POSReady 2009
Based on Windows XP Service Pack 3, this version offers more features over Windows Embedded for Point of Service V1 such as Full Localization and XPF Support if .Net Frameword 3.5 or higher installed. It is the first version of Windows Embedded that can use the Windows Update Agent to update an installed and deployed image. Mainstream support ended in April 2014 and extended support ends in April 2019.
Windows Embedded POSReady 7
Windows Embedded POSReady 7 is the first version of Windows Embedded Industry to be based on the Windows 7 Platform. It was released in July 2011.
Windows Embedded 8 Industry
Based on Windows 8, Windows Embedded 8 Industry was released in April 2013.
Windows Embedded 8.1 Industry
Based on Windows 8.1, Windows Embedded 8.1 Industry was released in October 2013.