torchwood words point to a severe problem introduced with updates: You have to take them all or reject everything, there is no middle ground. Once you find an update to be problematic or malicious, you cannot install it or anything further, as it will contain the offender as well. Up to the point of policy change, it's fine, but nothing more after that.
About how to find what's good and bad, it's a really difficult thing. MS historically gave little details of what each update does, usually concealed under many pages of KB articles. But in Windows Update itself you'll only get a vague, inacurate or even misleading information, specially around the release of Windows 10, when MS began to infiltrate malware within updates.
The most "reliable" way I could think of filtering the good from the bad is to find one of those online "lists" that some people collect and actively avoid those. Hopefully some people describe why each update is bad so you can make your own judgment. And there is also the chance of something sliping in before it's black-listed.
This is coincidentally almost the same technique used by antiviruses to catch malware, and is precisely what makes them so incredibly unreliable.