An update for any of you that have vintage boxes running XP who wish to stay secur-ish. This month's Patch Tuesday releases included several hotfixes that applied to Windows XP but were not explicitly released for it.
As Windows Embedded POSReady 2009 (based on the XP SP3 codebase) continues to receive extended support until 2019, the patches were released for it. And porting them to Windows XP is trivially easy. You can do it yourself by stripping out the line in the update.inf with the "Prereq.XPInstallEmbedded" string and recompressing into an SFX.
Alternately, a guy over at RyanVM's site has done it for you here. You would only need the IE hotfix that applies to your version of IE, of course.
The relevant updates are:
KB2962488: MS14-027: Vulnerability in Windows Shell Handler Could Allow Elevation of Privilege
KB2953522: Security Update for Internet Explorer versions 6-11, May 2014
KB2931352 (.NET 1.1), KB2932079 (.NET 2.0), & KB2931365 (.NET 4.0): MS14-026: Vulnerability in the .NET Framework could allow elevation of privilege
You only need the .NET updates if you have .NET and unlike the XP hotfixes you actually do not need to modify them to install them on non-embedded XP (though I haven't tested the 1.1 update).
Beats migrating your systems to Windows Server 2003 for the time being, at least.