TL;DR
How vulnerable is Microsoft to a group blocking them from being able to patch windows, and what would it take for said group, to be able to push their own virus through a windows update?

Warning: I am borderline illiterate and terrible at writing. My school essays use to have so many grammatical mistakes, that the amount of red ink on them would make a communist say it was too much red.
I am currently a college student studying information science and technology, and I was thinking about security because one of my teachers is forcing us to learn PHP, which is the textbook definition of insecure. But it lead me down a train of through.

Could Microsoft theoretically ever be fully locked out of patching windows, at least for a while?

Say some how, group managed to worm their way into Microsoft's systems, say completely encrypting and then bricking Microsoft's entire system (globally, not just at one office, they did this to all currently active Microsoft systems), could they theoretically prevent Microsoft from being able to have access to capabilities to update windows?

I would assume not, because they should have fall backs, in which case, say Microsoft had a patch on a USB that was uninfected and ready to go, how long would it take them to recover the capability to push said patch to windows pcs?

This leads to my more concerned question, could said malicious group push through a malicious update? What credentials would they need to steal in order to put through a "windows update"?

Say they managed to obtain the credentials somehow of Microsoft, and did a malicious update, what do you think Microsoft would respond?

Lastly, how many monitors with command prompt streaming random stuff, like in the movies, would that one guy in the hacker group require in order to accomplish this task? Because I would say a hacker with 6-7 monitors along with extremely cheesy 1990 techno music and always wearing sunglasses, even in the dark =hacker baseme... den=, would be the bare minimum to accomplish this task.