You may be interested in this post on another thread: http://www.freerepublic.com/focus/f-news/3112981/posts?page=55#55
The poster, Freeper USC explains in more detail what happened at Target. Microsoft isn’t the company that needs the security lesson.
It would help if Microsoft were more up on this.
They probably want to sell a more advanced version of embedded Windows rather than advising current license holders. But being too pinchy about the pennies hurts their reputation.
GNU/Linux would have been a harder target.