Re: Flash, ActiveX, Office doc embedding/scripting - should already be DISABLED
"If not, what effective precautions can be taken?"
-------------------------------------------------------------------
Run Linux with LibreOffice as your office suite, and a suitable email client (such as Thunderbird, though there are other choices) that includes support for PGP signing and encryption.
Run necessary windows programs in wine, or if that won't work, a VM.
Always run from a user level, nonprivileged account.
Keep the software updated. Personally I like a rolling release for this, but you can use a point release and still be orders of magnitude better off, with perhaps a bit more stability, though proper testing should keep a point release distribution working reliably too. Just don't upgrade everything in a the first week, except for 'hot' vulnerabilities.
Always validate hashes on software.
Run antimalware including antivirus and a web page scanner.
Lock down default browsers with things like uBlock or NoScript.
If something absolutely needs to be run, and run on Windows, run it in a VM.
If you are concerned about a site, or particular data, access via a locked down Linux in a VM - possibly a read only distribution - and be ready to delete that VM and replace it with a clean backup.
When feasible, use software in a VM to strip data down to macro free text files for documents and spreadsheets before moving to a filesystem accessed by your primary OS instance.
Block ads and trackers with Ghostery, PrivacyBadger, and the like to reduce attack surfaces.
Always run a VPN for anything outside your local network, or even on your local network, both to protect data and privacy and to reduce attack surfaces.
Never connect to any network you or your competent IT staff do not control, without a VPN.
When in doubt use a bootable read only Linux distribution.
When travelling remove your HDD, and carry two or three Linux DVDs for appropriate uses (Tails, Knoppix, and Mint would be a good toolkit). Use the most restricted choice for your current task. Carry your data on a flash drive or SD card, encrypted with a travel only key. If need be, store the key on a secure internet accessible location, encrypted with a passphrase written down at your home or office, and nowhere else. Do not take the key across borders. Do not use your travel computer except while travelling (which means you could re-use the HDD elsewhere).