windows update no longer updating the .net framework 4.8

so far i had been relying on windows update to also install the latest patches for the .net framework 4.8.
but this is no longer happening on my machine with "windows 10 pro" (running in workgroup mode).

here's a simplified list of the windows update history of that machine:

 - 2020-xx-xx windows 10
 - 2020-08-14 .net update 2020-08 KB4569745
 - 2020-08-14 windows 10 upgrade to 2004
 - 2020-10-20 .net update 2020-10 KB4578968
 - 2021-01-19 windows 10 upgrade to 20H2
 - 2021-02-23 .net update 2021-02 KB4601050 (<------)
 - 2021-09-21 windows 10 upgrade to 21H1
 - 2021-10-27 windows 10 21H1 cumulative update KB5006670
 - 2021-11-03 update for windows 10 21H1 KB5005463

at the time of writing it's november 2021.
the last .net framework update (KB4601050) was installed in february 2021.
for example: the machine still has "System.Windows.Forms.dll" with file version "4.8.4270.0".

there have been more recent .net framework updates. for example cumulative update KB5005539 (october 2021).
but windows update is just not finding and installing those.

what could be the reason those automatic updates are no longer working?

--

a note to the comments:
i'm not talking about the registry entries below NDP (which for me shows up as "4.8.04084").
instead, i'm talking about "cumulative updates" that are updating the individual .net framework assemblies. for example: go to "%windir%\Microsoft.NET\Framework64\v4.0.30319" and check the file version attribute of "System.Windows.Forms.dll"
and at top level i'm simply looking at the "windows update history".

--

update:

the closest match that i have found is in the discussion at: https://www.askwoody.com/forums/topic/net-update-confusion/

discussion summary:
at the time of writing the KB4601056 / KB4601050 (february 2021) was the last one classified by microsoft as .net security update.
all later cumulative updates are classified as .net quality and reliability improvement updates.

depending on how you have configured your "windows update" service, the latter category will not be shown / downloaded by windows update.

--

so the challenge might be to pick the right configuration:

  • i do not want any "preview" updates
  • but i do want updates for quality and reliability (with a delay of 7 days after they have been released)

unfortunately, the following settings in "gpedit.msc -> Windows Update for Business" still don't make the .net framework updates show up:
enter image description here

so maybe after all it's still some glitch or bug in the supersedence chain of the .NET Framework updates?


in that discussion at https://www.askwoody.com/forums/topic/net-update-confusion/ Susan Bradley says it all (bold emphasis mine):

.NET’s are very confusing in how they are packaged and handled by Windows update.

If you leave your machine and don’t set any group policy settings, you get updates that have bug fixes but not any new security updates.

If you set any of the normal deferrals, you get treated like a “business” patcher and only get offered when a .NET update gets released with a new security update.

What you are experiencing is indeed “normal”.

as per my understanding those "deferrals" making one being treated as a "business" patcher are the following:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"BranchReadinessLevel"=dword:00000010
"DeferFeatureUpdates"=dword:00000001
"DeferFeatureUpdatesPeriodInDays"=dword:0000005a
"DeferQualityUpdates"=dword:00000001
"DeferQualityUpdatesPeriodInDays"=dword:00000007
"ManagePreviewBuilds"=dword:00000001
"ManagePreviewBuildsPolicyValue"=dword:00000000
"PauseFeatureUpdatesStartTime"=""
"PauseQualityUpdatesStartTime"=""

so it seems it was not possible to achieve all of the following:

 - under no circumstances i want "preview" updates!
 - i do want "security" updates (ideally delayed by 7 days)
 - i do want "quality" updates (ideally delayed by 30 days)
 - i do want "feature" updates (ideally delayed by 3 months)

what a shame ...

so in case we're interested in a specific .net quality update, we need to download the MSU from the microsoft update catalog and install manually.