I don't run Windows myself, but honestly: Remote exploitable Windows vulnerabilities on a default install are somewhat rare nowadays. MS has come a long way here.
I remember the smashing the stack for fun and profit windows days. It was so easy to inject shell code it was laughable. Btw can you still name a file smss.exe, run it, and not end the process with the task manager?