If you want to have your car for a long(er) time, you usually do your servicing, or in other words, you look after it.
This is the same what you should be doing with your servers/services/applications what you are responsible for. You look after them, you do a regular oil-change (ie. “updates and/or patches”), you do your regular MoT (here in UK), ie. your regular yearly review.
You are also obliged by law that it is roadworthy, or you loose your insurance. So when there is “something sticking” out of it, ie. when it is a security hazard, you go and fix it. Same for your server, you fix it, ie. you configure it correctly or you remove it altogether.
And last but not least, there are also “zero-days” on cars. Year, right. Like manufacturers faults or a design/construction problem. There is nothing what you can for yourself. When you don’t know about it, you can’t fix it. For the most cases, it comes down that the manufacturer lets you know and – here you go, patch your system.
If your manufacturer doesn’t know, or doesn’t want to let you know (that’s unfortunately quite common in the software industry), that’s it. If you are lucky, you can turn that particular feature off, if not, you have to live with it.
Just some thoughts, heading off now.