Does Windows classify updates as bug-fix, security-patch, feature-update and allow different policies to be set for each? Because it seems like that might help.
They used to. Now all you can get on the 7/8 generations without jumping through hoops is a "monthly roll-up" that includes both security and other updates mixed together. To do otherwise, you either need to turn off updates altogether and download and install the ones you want manually, or you need to be in a managed environment that does something similar via centralised deployment. Windows 10 goes a step further and is intended to push all updates to non-managed systems whether you want them or not.
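The comment above describes the Windows 7/8 "monthly roll-up" model and the policy knobs available to managed environments. The following PowerShell snippet is an added illustration, not code from anyone in this thread: it inventories what classifications of update are actually installed on a host (the `Description` field that `Get-HotFix` / `Win32_QuickFixEngineering` reports, such as "Security Update", "Update" or "Update Rollup") and then reads the Automatic Updates policy keys under `HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU`, which is where Group Policy (or a manual registry edit) records whether updates are notified, downloaded, scheduled or disabled. The output format and the summary wording are my own choices; the cmdlets, property names and registry values are the standard ones.

```powershell
# Added example (not from the original thread): audit installed update
# classifications and the local Automatic Updates policy on a Windows host.
# Tested against Windows PowerShell on a domain-joined client; the registry
# keys are only present when a policy has been applied.

# Win32_QuickFixEngineering tags each installed package with a Description
# such as "Security Update", "Update", "Update Rollup" or "Hotfix".
$byType = Get-HotFix |
    Group-Object -Property Description |
    Sort-Object -Property Count -Descending

'Installed updates by classification:'
foreach ($group in $byType) {
    $newest = $group.Group |
        Sort-Object -Property InstalledOn -Descending |
        Select-Object -First 1 -ExpandProperty InstalledOn
    '{0,-18} {1,4} installed, newest {2}' -f $group.Name, $group.Count, $newest
}

# Security updates that landed in the last 30 days, useful for a quick
# "did this month's roll-up actually apply?" check.
$recentSecurity = Get-HotFix |
    Where-Object { $_.Description -eq 'Security Update' -and
                   $_.InstalledOn -gt (Get-Date).AddDays(-30) }
'{0} security update(s) installed in the last 30 days.' -f @($recentSecurity).Count

# Automatic Updates policy (set by Group Policy or directly in the registry).
# AUOptions: 2 = notify before download, 3 = auto download and notify before
#            install, 4 = auto download and schedule the install,
#            5 = allow the local admin to choose. NoAutoUpdate = 1 disables
#            automatic updating entirely.
$auPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$auMeaning = @{
    2 = 'notify before download'
    3 = 'auto download, notify before install'
    4 = 'auto download and schedule install'
    5 = 'local admin chooses'
}

if (Test-Path -Path $auPath) {
    $au = Get-ItemProperty -Path $auPath
    if ($au.NoAutoUpdate -eq 1) {
        'Policy: automatic updates are DISABLED (NoAutoUpdate = 1).'
    }
    elseif ($null -ne $au.AUOptions) {
        'Policy: AUOptions = {0} ({1}).' -f $au.AUOptions, $auMeaning[[int]$au.AUOptions]
    }
    else {
        'Policy key exists but sets neither NoAutoUpdate nor AUOptions.'
    }
}
else {
    'No Automatic Updates policy is set; Windows Update uses its built-in defaults.'
}
```

Run it in an elevated prompt so the `Get-HotFix` query is complete. On Windows 7/8 the grouped counts make the roll-up model visible (a handful of large "Update Rollup" entries rather than many individual security patches); on a Windows 10 machine with no policy key present, the last line confirms that updates are left to the operating system's defaults.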
This is why the anti-vaxxer analogy is foolish and frankly rather offensive. Managing updates is about risk, and the risk from Microsoft screwing up your entire system with updates was demonstrably very high before. For example, anyone who was using the default settings to trust Microsoft's suggested updates got changed automatically to an entirely new OS not so long ago -- a new OS, incidentally, which has also had compatibility problems with various hardware, which also has significant privacy concerns particularly in places like doctors' surgeries or other environments managing sensitive information, and which is also infamous for disrupting normal day-to-day work by changing things and/or rebooting at undesired times.
I know plenty of smart, well-informed people who work in IT and made an active decision to reduce or disable updates on some of their Windows systems for these kinds of reasons. Whether they would have advised home users with no technical knowledge to turn updates off completely is a different question, but it's not an entirely unreasonable policy given Microsoft's recent track record of abusing automatic update processes.