The Fix Vulnerabilities and Install Updates Task scheduling works in an unexpected and undocumented way. Instead of initiating the task at regular intervals the schedule operates as a retry interval. If you expect it to start once a month and install all the new windows updates it won't do that. Instead, if there are updates that didn't get installed for some reason (e.g., error or license acceptance needed) it will wait one month to try again and it will only try again on the machines where the updates were not installed. the task must be rescheduled for each new batch of updates. This behavior is different from every other task type, but is not documented.
1. At a minimum the actual behavior of the schedule needs to be documented in the Administrators Guide and the help files.
2. I would prefer that the task would start anew according to the schedule and then respond with its "nothing to do" if no there were no new patches to be applied. I would probably use either a nightly or weekend schedule to put the updates on after hours.
3. Administrators who are more interested in preventing installation of untested updates can set the options to require approval before updates are installed.