I love working with people like you. I genuinely enjoy it.
The Hacker News, Dark Reading, International Association of Privacy Professionals, and ThreatPost rate Microsoft's current OS as top box. Microsoft is in Gartner's magic quadrant for security, outpacing Amazon and Google. Microsoft spends well north of US$1B on security. They are arguably the leader in security across all of IT.
Your entire argument is that because Microsoft patches their operating systems, they're natively insecure, and that speaks directly to your ignorance and outright disdain for the Windows OS. The fact that you're focused on Windows 10 tells me that you're not involved in security. Linux patches their kernels monthly for many of the same vulnerabilities, because the vulnerabilities are specific to a common protocol, not a specific OS. As an example, SMB was patched by Microsoft several times in the last year, but that patching also extended to Linux and Apple devices for the same reason.
You're also arguing from the perspective that more frequent patching is inconvenient and means something's natively wrong, so what you're really saying is that you're content with your operating system vendor just sitting on in-the-wild vulnerabilities so as to not inconvenience you. Thus, you'd prefer longer-term patching that could patch a much larger set of dependent subsystems, likely resulting in bigger problems and requiring extended troubleshooting in order to unravel a Gordian knot of stack faults, debug logs, and/or memory dumps. No thanks! I'll take the fail fast and recover methodology.
27 years working in the IT industry has tainted you. Your legacy mindset is clouding your understanding of the needs of modern security. I've worked with people in government like you. Wrenching your mainframe or Oracle or (shudder) Novell subsystems from your control is like trying to take a steak from a rottweiler. Sit in your corner and enjoy that steak. The rest of us take solace in the fact that our operating systems are natively secure from intrusion because we trust that our vendor is keeping the kernel up-to-date.
I hope you enjoy cashing your checks from Microsoft.
Not only have I recently worked with the latest Microsoft products building software using Python working with edge-node databases for big data applications I have developed applications in augmented reality for the Hololens. I have also helped sell SAP software to Microsoft itself to the tune of $50 million back in 2005-2006. I know what I am talking about.
I thoroughly enjoyed slapping down rabid Microsoft execs in charge of their craptastic ERP offerings like Great Plains and Microsoft CRM because they could not handle the transaction volumes of their Enterprise Application Software licensing business. I made my bones by telling them politely to phuck off to face.
Since long before Microsoft and Apple and even Linux discovered security patches, I have worked with NetBSD UNIX (we're talking since the early-mid-90's here). NetBSD UNIX is arguably the MOST SECURE operating system in common workstation and server use. And it runs on everything, but that's beside the point.
You know what? NetBSD gets patched often, just like Windows, just like MacOS, just like Linux, etc. And NetBSD.org produces a near-constant stream of PkgSrc package updates with bug fixes, security fixes, features, etc. You know what else, they LIST EVERY PATCHED AND UNPATCHED VULNERABILITY so that you knew exactly what was going on. Here's the package list of over 17,400 packages. And for every one, you knew exactly what the fixes -- and the problems -- are. You can look it up.
So please, guys, don't argue about the Deep Hidden Meaning of security updates. Everything needs patches. Constantly. Lighten up.
These days Windows is in pretty great shape, security-wise, and its continued dominance on the desktop speaks to its high degree of utility. IMO, its downsides stem from two other long-standing problems: a) 25 years of using a kernel that got screwed over when it was just a baby and became nearly impossible to maintain, and b) a Marketing department that can't get its head out of its ass to save itself. Those are both fixable, although they would be wrenching changes. But I digress...