forums.wsusoffline.net

Yesterday I downloaded the updates for Win7 x64 using a clean copy of WOU 10.6.2.

Among the downloaded files is KB3121461.
https://support.microsoft.com/en-us/kb/3121461

This is a security-fix for older versions of the updates preparing an upgrade to Win10.
https://support.microsoft.com/en-us/kb/2952664
https://support.microsoft.com/en-us/kb/2976978
https://support.microsoft.com/en-us/kb/2977759

If I'm not mistaken, WOU isn't downloading or installing these updates, or any other Win10-upgrade-related updates, anyway

MS is suggesting to not install this update when the three previously mentioned updates aren't installed:

I am not being offered update 3121461. Are specific systems not affected by the vulnerability discussed in CVE-2016-0018?
Yes. Systems with versions of %windir%\system32\aepic.dll less than 10.0 are not affected. If your system has a version of aepic.dll that is greater than 10.0 and less than 10.0.11065, you must install update 3121461 to be protected from this vulnerability. If you have a version of aepic.dll that is less than 10.0, your system is not affected by CVE-2016-0018 and you will not be offered update 3121461. Installing KB3121461 when not affected by CVE-2016-0018 is supported but not necessary or recommended.

https://technet.microsoft.com/en-us/lib ... x#ID0EE1AG

Current revisions of the Win10-upgrade-updates have newer (fixed) versions of the affected file (currently 10.0.14275.1000), and thus wouldn't need the security-fix KB3121461 anyway.

EDIT:
Windows 8.1 and Windows Server 2012 R2 might need it, though, as they got aepic.dll as version 10.* from a normal update-rollup:
https://support.microsoft.com/en-us/kb/3096411

If you speak German, you may take a look here: viewtopic.php?f=5&t=5622
If not, I may sum the topic up for you here.

The Convenience Rollup also contains a newer version of aepic.dll, for whatever reason.
Unless somebody got an outdated copy of the Win10-upgrade-updates, downloading and installing KB3121461 is pointless.