I'd guess that the majority of users have automatic Windows Update turned on, since that's the default setting and what Microsoft recommends. The only people who have the base level of Microsoft operating systems (or don't apply patches between service packs) are the ones who are so clueless about security that they're not likely to have gone out of their way to install a third-party anti-virus tool.

If they assume that most users apply all "critical" Windows updates in the order that they're pushed, the anti-virus vendor could snapshot their reference PCs before each update and record the hashes of all Windows files. It's possible to determine which updates have already been installed on a machine (there's an option for this in the control panel, and the information is probably stored in the registry).

And it's almost trivial to add new entries after each update. I can't imagine they don't have it, but I can imagine that they didn't use it this time ("check takes too much time, let's just ship it").