When you run the media creation tool you get the latest biannual build. If it has been a few months you promptly also get a cumulative update that addresses all of the stuff broken and/or insecure in that build. Is there a good reason that biannual builds are not upgraded directly so that when someone uses the media creation tool they get the latest patches pre-integrated? It seems that in doing so MS could reduce bandwidth (build + updates is larger than patched build) and people could start fresh with serious security holes patched on their first trip to the web. I assume there is a good reason for not doing this and I am curious if anyone here knows why.
The MCT doesn't integrate the CU's, WU does it when you use the MCT to directly upgrade the system, when the MCT is used for ISO creation it doesn't integrate any updates at all.
That is literally what I just said. What I am asking is why MS does not update the image that the media creation tool downloads. To be very specific, when I run the tool, I do not get 16299.371 even though I can easily create 16299.371 by integrating KB4093112 into the RS3 base image. There must be a reason that MS avoids distributing what is always going to be a more stable and safer build through the media creation tool.
I do not think we are seeing eye to eye so let me apply my question to use cases. Person A and B have dead HDDs and replace them. Person A and B use the media creation tool on a different system to create a bootable flash drive. Person A has a system with specific hardware that fails to install RS3 in its base form, this error has been corrected in 16299.371. Person B installs windows and goes surfing. Before the CU has a chance to install and reboot their system they are hit by an exploit that would have blocked in 16299.371. In both cases the only reason the user has issues with windows is due to the media creation tool providing an obsolete build with known bugs and exploits. My question is why MS does not update the media creation tool after every cumulative update? As it stands now there are places (like this very site) that do that work for MS allowing a user to start from scratch with an up to date image. This knowledge is far outside of what the average novice user even knows exists. Its not an issue for people like us, we just integrate the latest CU directly and install. The average user does not have access to this and could have a crappy user experience as a result.
I honestly never saw pre-integrating a CU fix installation errors myself, or better yet, never experienced an officially released build having installation problems at all. That;s not totally correct, i remember a build that had boot problems, something with hwexlcusion lists, at some CU it was solved, but that was boot.wim index 2. They have an exact releasing scheme, @abbodi1406 posted it once or twice before.
That's all well and good but not really related to what I am asking. MS has the ability to make it simple to access the current build so that no update is needed to attain the best compatibility and best resistance to exploits. Ms does not do this, instead you have to: A: Build your own up to date image and install. OR B: Install fresh and then allow windows updates to apply the latest cumulative update. I am asking if anyone that has interfaced with MS in any official capacity asked this question? It seems like it would save MS bandwidth and create a better user experience so there must be a very good reason why they opt not to. To put this in as simple terms as possible..... If you ran the media creation tool and you got an ISO with build 16299.371 (or whatever the current build is), would this create more problems then it solved?