How would that "drive-by system takeover" happen?

AFAIK, Windows 7 came with its network firewall enabled by default, so most services wouldn't be exposed to the network. And that network is often a local network, with another firewall separating it from the rest of the Internet. For many users, the only exposed attack surface would be the web browser itself.