So instead of using Microsoft Catalog, or anything else, there is an easy way to add packages.
Second you will need an updated copy of wsusscn2.cab. You can get this from Microsoft at http://go.microsoft.com/fwlink/p/?LinkID=74689. Keep in mind that this file changes frequently and it is recommended that you always grab a new copy.
Make sure you have both of these files in the same directory and copy them down to one of your Images. In my screenshot, I have a step in my Task Sequence to open Notepad as soon as the system has left WinPE and before anything else in the Task Sequence is run. I placed both files in the root of the C Drive. From there I will open an Admin Command Prompt and run cscript WUA_SecurityOffline.vbs
The next step is to let it run its course. It should find some updates and ask if you want to download them. Just press Y and Enter.
You will be prompted again after the Downloads have finished, asking if you want to install the updates. No need if we are going to just add them to MDT Packages.
Additionally in C:\Windows\SoftwareDistribution\Download you will have several new directories and files. If you do a search for *.cab it will locate the updates that were downloaded.
Now copy all of these files off your image . . . and import these CAB files in MDT Packages. Be aware that CAB files that have the word Express should NOT be added to MDT. While they will import properly, DISM in WinPE will fail when trying to apply the Express Updates.
Don’t forget to update your Selection Profile to include these packages.
Now your deployments should have the proper Security Updates installed automatically at OS Deployment. Using this method is much easier than using the Microsoft Catalog, with less possibility for making mistakes.
Be aware that some updates will not work as these are not CAB based updates, but EXE based. This is notable with Silverlight and Windows Malicious Software Removal Tool. Not to worry, you can just add these as Applications.