Interesting tidbit from the bottom of this thread [1]: Windows actually has a pretty clear distinction between "security" and "crap-no-one-needs" updates and even offers a way to restrict to security updates only - in the LTSB version which is exclusively available to enterprise customers [2].

I take that as a proof that the whole discussion is more about pushing Windows-as-a-service than about actually caring for security.

[1] https://news.ycombinator.com/item?id=14340449

[2] https://docs.microsoft.com/en-us/windows/deployment/update/w... "Long Term Servicing Branch"