ATM's need a network connection to query the bank. The updates can be sent via their internal network. If they are "small in shop ATM's" using a phone line to query the banks back end then they could dial in and maintain the call during the store downtime and download the patches. Looking at Windows update catalog the updates are not large files anyway. Sure they might take an hour or two over a simple 56k modem link but the updates and imo an update path are available.

From the articles 3rd paragraph:-

> Microsoft first released Windows XP in 2001, seventeen years ago, and stopped supporting the operating system in 2014. This meant that it stopped developing new security patches for Windows XP, which would protect it from software exploits developed by hackers.

Which gives the impression that the updates are simply just not available not that they don't have a network connection to fetch the updates from.

Even if they were running the latest version of Windows security patches should still be applied.

>> ATM's need a network connection to query the bank. The updates can be sent via their internal network.

Some of these are on satellite connections. They don't need much data. Lots of banking transactions can be squeezed into a single megabyte. Sending multi-gig windows updates to all the ATMs would be a serious headache.

But Windows XP Embedded month to month security updates are not multi-gig updates. The last batch of security updates totalled <15MB and updates for the month of May totalled ~36MB.

EDIT: Even if the network connect back to the banks was SMS then my point was that it’s not that there are no updates for Windows XP embedded which the article give the impression of, the point would then be that the manufacturer, integrater, banks, who ever didn’t have the foresight of needing some bandwidth for updates. The updates are available just that who ever is in charge of these ATMs failed to keep them updated.