I assume, that you do not intentionally run/open the suspicious programs/content and do not ignore security alerts. If not, then the below suggestions (and others) will be pretty much useless.
- Windows & software updates.
- Reducing the attack surface (disabled SMB protocols & unneeded services, etc.).
- Standard User Account.
- Default-deny setup.
You can think about kernel exploits as about the HIV disease, which exploits the human immune system. The most efficient solution is a reasonable prophylaxis.
You can try other solutions like hardening the system processes, but this will be a painful way just like the HIV disease treatment.
