> Fortunately Microsoft lets you now download any edition updated ISO editions with all
> current patches included, or so I've heard.
Correct. If you're creating external installation media from a newly-downloaded Windows 10 ISO, the ISO will contain all current updates and upgrades as of the time of download.
However, that doesn't necessarily fix the issue of the machine that hasn't been patched in months. It might be possible to use that media to patch it to current, but I don't know if that's even possible - and, if it is, I doubt that it would let you pick & choose the updates to apply.
> Still, that sucks. My experience with Linux has been pretty bad across the years with
> OpenSUSE being the most bearable. I think I'll have not choice left but to run
> Windows virtualized and expect a Linux distro (probably Ubuntu) to become my main OS.
*Shrug* Linux has its own set of patch management problems, and that can be heavily-dependent on the distro in use. There's no real escaping it one way or the other - and that Windows VM will still need to be patched.