This is something I don't quite understand:

The machines were in an advanced line of Diebold ATMs built atop Windows XP Embedded, which, like most versions of Windows, was vulnerable to the RPC DCOM security bug exploited by Nachi, and its more famous forebear, Blaster.

Isn't it easy enough to write an OS so that ATMs can go without any specific vendor's offering? I mean, it's not like ATMs are doing anything outrageous -- they have a fairly limited set of functions and, for the most part, that's not going to change. I've gotten somewhat familiar with the insides of an Atari 2600 hacking a demo or two in 6507 assembler, and even it had enough power to interact with me the way I'd hope my ATM would.

So I'd think Diebold could've, should've, and should've wanted to make their own OS from scratch to ensure security. Even if Windows didn't have so many gaping holes (making XP perhaps the *worst* choice Diebold could've made), you'd think something proprietary would be best anyhow.