ARS Technica writes Microsoft decided to push these updates via Windows Store, and not via Windows Update. The patches will only be installed on vulnerable systems.
Unlike the vast majority of Windows patches, the ones released on Tuesday were delivered through the Microsoft Store. The normal channel for operating System security fixes is Windows Update. [...]The vulnerability resides in hevcdecoder_store.dll, a library used for parsing HEIC images with HEVC codec. This library is downloaded via the Windows Store, so perhaps that's the reason why Microsoft is also pushing out the update via the Windows Store.
“Affected customers will be automatically updated by Microsoft Store. Customers do not need to take any action to receive the update,” both advisories said. “Alternatively, customers who want to receive the update immediately can check for updates with the Microsoft Store App; more information on this process can be found here.”