by boco » 02.09.2019, 19:58
Dotnet etc. are only provided as a bonus. A system can be secure without Dotnet installed, for example.
As Dotnet etc. installers are not security-related, they aren't in the MS catalog, and WOU does not know about them at all. For that reason, they need to be defined statically. As the name says, they lack the flexibility of the catalog-powered patches. If a static installer changes, the file must be manually updated. It's the best we can get - download statically defined lists, filter at media creation. Everything else would be a maintenance nightmare.
Microsoft update catalog: http://catalog.update.microsoft.com/v7/site/
Windows Install media download: https://support.microsoft.com/en-us/help/15088/windows-create-installation-media