I tired of the 'whack-a-mole' game and just stopped installing post-March 2015 updates on my Win 7 install. It may be vulnerable(what isn't?), but 3rd party sandboxing, firewall and noscript mitigate the immediate, automated threats well enough(last succeasful exploit on my machines outside of a purposely infected VM: ~2009). When MS can no longer harvest my activities(or I can deny them control) I will revisit my security policies. Until then, I will continue to disable updates, harden my firewall and deny any contributions to MS* 's data grab.

* et al. Sadly, "everybody's doing it" these days.

edit:fixed asterisks and unwanted italics.