It is why i disable windows update, and manually check each first, before installing it.
The security vulnerabilities you fix is no longer the only threat actor these days - you have to also model the threat of microsoft, and how their updates can break your system, change it in irrevocable ways etc.
We're only a single Windows Update from silently changing that