It has come out that the security breaches at Target and Home Depot had yet another thing in common. Both security breaches were both allowed by a vulnerability in XP embedded that was more than 10 years old.
The XP embedded, which is used in their POS systems was Windows XPe SP3, which is not the last version of the XP-based embedded OSen.
In both cases, the security breach could have been avoided if they had upgraded to Windows 7 for Embedded Systems.
Specific malware has been created the past decade for embedded XP systems, which uses a technique called “RAM scraping”. Once the malware is in the system, it can pretty much do what it wants and take as much credit card data as it would like.
This is possible because Windows XP has relatively weak memory access protection, whereas Windows 7 memory protection is much better.