There's a list of domains that came up in a previous discussion on HN (sorry, I don't recall it right away), and was also trending on pastebin.com, which contained all of the known domains Microsoft was using to report back from the OS. Presumably you could route those to "null" or the equivalent on your router and you'd be good to go.
You can, and I'm sure most would. There may come a time, however, when a future Windows update rewrites or works around the hosts file for telemetry. Doing it at the router or external firewall avoids that possibility.
That's a given. The rabbit hole goes as deep as Microsoft is willing to dig it. Like any other vulnerability, there will always be security researchers out there who find and report on new ones.