I've seen people resorting to disconnecting machines from the internet to prevent this. They load up the software they need, then it never goes online again, so updates can never bother them or otherwise get in the way. The software thus stays exactly as they want it to be. It's an appliance at that point.
It's annoying to have to shuffle files over to it, if that's needed for its job, but I think it's still a worthwhile thing to consider (it's insane that we've gotten to this point, but such is life). If it isn't workable, then fine. But if it is, the hassle of shuffling files using external SSDs or whatever is probably better, or at the very least more consistent, than turning on your machine one day and finding it corrupted itself due to an update, or the software in question got a UI update which breaks your workflow for a month.
Hm, yeah, can't really disconnect it, I'm using it for (local) CI purposes as well. I could disconnect it from the internet though, keep the local connection, but maybe actually explicitly blocking anything windows/microsoft for the period I want it to stay online, might work sufficiently.
Regardless, thanks for the ideas!