Having provided critical security patches for Windows 7 and Server 2008 R2 for almost three years now, and a bit less for for various end-of-support Windows 10 versions, we can say that yes, 0patch can provide long-term protection for these systems.
Regardless, you need to know that there will be vulnerabilities and security-related functional issues that won't be fixable with micropatches. For instance:
- Cryptographic algorithms occasionally get broken and need to be hardened or replaced by stronger ones. While we could disable broken algorithms on your computers using micropatches, it's not possible to implement new crypto algorithms (and all the integration and user-interface support for them) with a micropatch. Without that, you will eventually (although not in a year or two) end up being unable to browse many web pages as is today the case with Windows XP.
- From time to time, a vulnerability may be found in Windows 7, Windows Server 2008 R2, or Windows 10 that would require a significant redesign of some important functionality that you can't afford to disable.
Issues like these will accumulate in time and slowly chip away at security without us being able to help. It is therefore important to make such computers harder for attackers to access; for example, place them behind firewalls and limit the accessible ports, or place them in segregated network segments in your internal networks.
See also: How long do you plan to provide Windows 7 and Windows Server 2008 R2 Micropatches?