(Just a list of such updates would help if I knew it was kept up to date by people who knew enough about the holes to understand whether they can be targeted during the minutes after connecting a public IP machine to internet with a clean official DVD install of Windows that still needs to get and install updates from Windows Update)
Is there an official cumulative update that can be installed straight after Windows 7 RTM/SP1 that atleast attempts to ensure the installation is patched for known remote-exploitable holes that can come through the network just by trying to connect on the computer if the computer has a public IP?
Ideally such would be in a fixed location/URL and always offered for every Windows version and SP, even if no known such holes/vulns existed. One could then simply have a process where one downloads the update on another system and installs it locally before hooking up onto the internet.
eg. Preferably instructions for the process should be this simple:
1. Download official cumulative update for bugs falling into this category from a known, bookmarkable URL that's guaranteed to stay the same for next decade or two? eg. microsoft.com/critical/w7sp1/
2. Install it before connecting a clean Windows onto network.
My current process is to read through every patch description that came since the last time I read through every prior patch description (incase I missed it when the patch was new) and try to guess whether a patch is needed before connecting the machine to internet in order to get the latest updates after a service pack. I have also tried the alternate of downloading every patch and installing them but I'm also targeting less time to install now since I found out that this process makes the install take even 3 times longer than normal on SSD and results multiple installs of old superceded patches. WSUS could probably address this but then I'm spending time with figuring that out vs just letting the computer to spend more time trashing the HDD or pegging the CPU during install. So neither is what I want.