window$ 8 is still sensitive to 'man in the middle' attack, so most probably windows 10 too, in that way security is, most probably, reduced to zero (I haven't tested yet).
I don't understand why the don't fix that code and make as Linux that ignore not requested packages, would solve 90% of serious attacks instantly. I started to think that they like to be hacked.
More complicated attacks come from user software and computer/laptop use outside of secure network. Injection code from websites apply too.
This is bad idea, but I suppose that teach people to use other OS is more expensive or give more problems than maintain Windows.