Even if you are not running any other services (such as a web server, ftp server) you still have the built in Microsoft Services and applications running. Take for example MS08-067, this issue allowed an attacker to take advantage of the way that the Server service handles RPC requests. The attacker was able to execute code on the remote PC by exploiting this flaw.

This issue was patched a long time ago so shouldn’t be an issues anymore. To take advantage of a PC like the one you are talking about most of the time it would take a Zero Day or for  the machine to be missing a critical patch.

If you have a quick google you will find heaps of examples of how this is done.

Doesn't even have to be server software. A vulnerable music player can load a a specially crafted MP3 file, which in turn executes code and opens a backdoor to the computer. Almost everyone installs third party software, so there's the chance that something installed is vulnerable to something.

There are lots ways 0 days,encoding exploits to try bypass virus software and then you have end user who like to click anything you send them.

From what I've been reading, many exploits are the result of getting the user to click your infected site and take advantage of a browser flaw, Java exploit, Flash Player, PDF reader....as shadowzero said, no run runs vanilla Windows with no third party apps installed. Just might take some Social Engineering.

i missed something. Maybe u can use some ie vulnerabilities or other programs but keep in mind there is always a way and practice is the key of everything

i agree with Jamie.R. Man nothing in security world is static u cant say ok this computer is updated and patch so no one can break into it. There is a way always

its correct