During vulnerability scans looking for machines not patched for MS03-026 and /or MS03-039 we had results claiming that our Win XPe thin clients are vulnerable.

The OS is on an EPROM- is there anything that can even be done to patch it? Is it actually vulnerable- or would an exploit actually work on a thin client??