No system is 100% secure. None. So a system will always starts out with, say W problems. Over time X more are found for any given time period t. So the total number of faults is W + Xt. This number grows with t.
Fixes, Y, for those problems are released. So the total number of faults is now W + t(X - Y).
Ah, but wait, those fixes may introduce some other issues, Z, so the total number of faults is W + t(X -Y +Z) where Z is some fraction of Y...say f, so Y is fY
W + t(X -Y + fY) which si W + t(X -Y(1-f))
So long as Y(1-f) > Z then a patched system actually gets more secure as time goes on rather than an un-patched one, because more are holes are getting plugged than are being discovered/created.
Just because Windows makes keeping a system up to date a raging pile of ball-ache does not make a highly patched system a bad thing. So long as those patches fix more problems than they cause.