An embedded Windows system, such as the Maestro, typically includes only the functionality required by the platform (it's a "componentized" version of Windows). The system gets updates only under the control of the manufacturer - which should be rarely. The embedded system isn't subject to the same sort of malware infection as desktop systems, because embedded systems are almost always run "write protected." So, if there IS a malware infection, you just reboot the system and it's gone. No on-disk changes persist from boot to boot.
Windows runs in tens of millions of embedded systems every day. Among the ones I've personally worked on are: Medical imaging equipment, blood analyzers, military UAVs, financial clearing imaging systems, factory floor automation in all manner of industries, mass mailing systems, and almost every ATM on the planet.
So, relax. If Windows was really such a mess, the entire world would be in chaos. Your CT scan would be dangerous. Drones would fall from the sky. You'd never be able to get cash without waiting in line for a teller.