It's pretty clear you don't understand what a Windows Service Pack is and is not, despite you calling other people idiots in your ignorance. So allow me to attempt to correct your misconceptions.
Do you know how many security patches are in the average Windows SP?
Yes, all the ones that had previously been released for the given version of Windows up to the time of release of the Service Pack. Service Packs are not, nor ever have been, a sole source for the installation of security updates. They offer a convenient package for the cumulative set of prior released security updates, but they do not patch "new" vulnerabilities that have not been previously patched. That is, all the security patches they include are already available separately on Windows Update. For a period of time, two years for Windows, new security updates are made available for both the SP version and whatever came before it, so your security risk is largely imagined. The only issue here is the two year support period is coming to a close so patches will no longer be offered for the original Windows 7.
I'm sorry but anybody who has waited this long and not applied SP1 is indeed an idiot because every script kiddie on the planet uses those patches and SPs to reverse engineer new exploits specifically targeting fools that don't update the thing.
Dude, script kiddies don't wait for Service Packs. SPs do not patch previously unknown security issues. They merely include all the previously released security patches in a single update (among many other updates). Hackers wanting to reverse engineer a security update can do so as soon as it's released as part of the monthly MSFT patch cycle. Why wait for a Service Pack? And yes, I say hackers. Reverse engineering binaries and creating exploit code is generally outside the realm of script kiddies. If you keep up-to-date with monthly Windows updates you have all the security patches that the system with the Windows SP has. In fact, if the latter isn't keeping up-to-date with monthly patches you have more than the Windows SP system has.
So there really is no excuse......you can take a bare drive and have a fully loaded fully patched Win 7 system in less than an hour and a half
I'm going to tell you something that is going to surprise you. The two year support overlap for Windows patches isn't about you. Microsoft doesn't invest the no doubt significant additional resources of developing multiple versions of a given patch for different Service Pack releases so home users have a nice two years to update. The issue here is corporate customers who have anywhere from 10's to 10's of thousands of computers to update. Service Packs for modern releases of Windows include hundreds to thousands of updates, and quite often, new features. They can and do introduce breaking changes, and so there's no guarantee that software that used to work will continue to after a Service Pack (though in the overwhelming majority of cases it should). Systems need to be tested before deploying a SP, and for larger companies, two years isn't unreasonable. Deploying a major OS update to 10,000 computers in a sane way with minimal breakage is not trivial.
In future, please understand what you discuss before flaming others.