Do you have reason to believe that Windows 7 instead of Windows XP would have prevented this attack? It sounds like weak credentials and overall lax security are more to blame.
edit: Also, keep in mind that some retailers are running POSReady 2009 / POSReady 7, which may look just like Windows XP at first glance.
edit: Also, keep in mind that some retailers are running POSReady 2009 / POSReady 7, which may look just like Windows XP at first glance.