Its funny as I have not applied a m$ "Security patch" since SP1 was released (only added sp1 as its a dependency to later libraries) and run so few services that none of them have ever been effected with redmonds backdoors. i even had SMB disabled from day one except for when i had to use it and then only enabled it during that period. decades of watching M$ open backdoors disguised as bugs has taught me how to harden a winblows system to quite a degree. I finally was forced to win 7 for directx 11 (10.1 was hackable into xp) but there is no way I'll allow them to force 10 anywhere near me. Its better just to build an independent gaming system and use a switch box and isolate the network while using it.
Grab a copy of process hacker and rip 3/4 of all that shit out, and don't be surprised when you install a m4 update that it re-enables all those unrelated backdoors you had just closed.
And don't forget to disable all those telnet remote drivers M$ hides from you.
Windoze...
Untrusted since _NSAKEY