Among the downloaded files is KB3121461.
https://support.microsoft.com/en-us/kb/3121461
This is a security-fix for older versions of the updates preparing an upgrade to Win10.
https://support.microsoft.com/en-us/kb/2952664
https://support.microsoft.com/en-us/kb/2976978
https://support.microsoft.com/en-us/kb/2977759
If I'm not mistaken, WOU isn't downloading or installing these updates, or any other Win10-upgrade-related updates, anyway
MS is suggesting to not install this update when the three previously mentioned updates aren't installed:
I am not being offered update 3121461. Are specific systems not affected by the vulnerability discussed in CVE-2016-0018?
Yes. Systems with versions of %windir%\system32\aepic.dll less than 10.0 are not affected. If your system has a version of aepic.dll that is greater than 10.0 and less than 10.0.11065, you must install update 3121461 to be protected from this vulnerability. If you have a version of aepic.dll that is less than 10.0, your system is not affected by CVE-2016-0018 and you will not be offered update 3121461. Installing KB3121461 when not affected by CVE-2016-0018 is supported but not necessary or recommended.
https://technet.microsoft.com/en-us/lib ... x#ID0EE1AG
Current revisions of the Win10-upgrade-updates have newer (fixed) versions of the affected file (currently 10.0.14275.1000), and thus wouldn't need the security-fix KB3121461 anyway.
EDIT:
Windows 8.1 and Windows Server 2012 R2 might need it, though, as they got aepic.dll as version 10.* from a normal update-rollup:
https://support.microsoft.com/en-us/kb/3096411
