From what we learned last year, Microsoft updates are more of a problem than a fix to any security related issue. Last year Microsoft actively trashed Windows 7 computers with their Windows 10 update that was more like a malware than an update.

Security updates and migrating to newer operating system versions will not solve any of these issues; on the contrary, they pose new, unknown issues often including also the old, still unfixed issues.
A more durable solution is disabling all unnecessary buggy services that are running on your computer by default. You will never use or need most of them unless you are part of a corporate network running Microsoft servers. Here is a list of services I would disable by default:

• ActiveX Installer ( nobody sane uses Microsoft browsers)
• Adobe Acrobat Update Service (you never know what crap the makers of the notoriously unsecure flash will feed to your computer)
• Application experience
• Computer browser
• Diagnostics trading service
• Google update (you never know what crap they install on your computer, update manually if you need it)
• Internet Explorer ETW Collector Service
• Net.Msmq Listener Adapter (the whole .net in the next 4 entries is a useless can of worms)
• Net.Pipe Listener Adapter
• Net.Tcp Listener Adapter
• Net.Tcp Port Sharing Service
• NVIDIA Display Driver Service
• Offline Files
• Parental Controls
• Print Spooler (have this only if you have a printer and run it only when you print)
• Quality Windows Audio Video Experience ( there is no quality in Windows so this must be obsolete)
• Remote Desktop Configuration
• Remote Desktop Services
• Remote Desktop Services UserMode Port Redirector
• Routing and Remote Access
• Server ( this service is loaded with security issues making it vulnerable to
  attacks and malware)
• Smart Card (you can't secure inherently insecure system like Windows 7)
• Smart Card Removal Policy (it's a seriously retarded idea to put this running by
  default when nobody needs it)
• Tablet PC Input Service ( you don't probably need this even if you have a tablet PC)
• TCP/IP NetBIOS Helper (this is another completely insecure piece of crapware)
• Telephony (seriously, do you still use a landline?)
• Themes (this is good if you want your computer to work slower and crash)
• Windows Biometric Service ( you can't secure inherently insecure system like Windows 7)
• Windows Defender (despite the auspicious name, this is a perfect point of entry for crackers to hijack your computer)
• Windows Error Reporting Service ( or spyware sharing your secrets with Microsoft and hackers)
• Windows Time
• Windows Update (the root cause for most security risks and problems with Windows 7 computers)
• Workstation ( just like the server service, this service is loaded with security issues making it vulnerable to attacks and malware)

To disable these services, go to Control panel > Administrative tools > Services. Then just open a service by double clicking it, select Startup type Disabled, stop the service, click Apply and OK.



In addition to disabling suspicious services, be aware of the following security risks: don't open email attachments, download and run executables, or connect your computer to the Internet without using a firewall and an anti-virus software.

Read more about securing Windows 7 against Microsoft and other threats including Petya, WannaCry, GoldenEye, NotPetya, NonPetya, Petna, SortaPetya, Pneytna, Petrwrap, wowsmith123456, Mischa/Misha, Trojan-Ransom.Win32.Petya.A, Trojan-Ransom.Win32.Petya.B, Trojan-Ransom.Win32.Petya.C etc.