Microsoft’s updating quality has fallen on bad times. It is now more risky to use any Microsoft updates than to not use any of them at all. In fact, I and my clients stopped all Microsoft updating of any kind after May, 2017
Windows Update had been a standard of security that was heavily relied upon by scores of Windows users for decades. Applying the once monthly updates became a mandatory ritual that most all Windows owners followed. Windows Update is by default automatic. For all those decades it worked largely flawlessly.
Unfortunately, the quality of Windows Updates has fallen off badly. This has given rise to numerous defective updates that cause a whole range of problems. Many updates are re-issued, some many times over.
Coincident with this falloff in quality, starting just after Microsoft ended Windows 7 development (December 31, 2014) and began security-only “support,” Microsoft changed the objectives of these updates from primarily security-only, to feature-related along with security. The “features” often contain(ed) changes to Windows 7 that some owners did (do) not want. At first they could selectively reject specific updates. October 2016, Microsoft changed the way it assembled updates in a way that no longer allows people to be selective. They call this new type of update “Roll-ups”. These Roll-ups are an all or nothing kind of deal, that includes all manner of “updates” that are largely unpublished. There is a way to get just the security updates, but it is complex and fraught with problems unless you are a serious technician. Therefore out of reach of most people.
Best advice is to set Windows Update setting to “Never check for updates.” Unfortunately, that means Windows Update no longer works automatically, but requires the user to manage the update process. However, this is the only way to take control of the situation. Enterprise IT folks have always done it this way.
A top notch antivirus product, such as BitDefender Antivirus + is mandatory.
I recommend you have a “System Image” of your system prior to data or dynamic applications being added. This is to allow you to re-install your entire system easily and without the need to re-install windows itself or Office.
I also recommend regular backups