If you will be in a situation where you have to update your Windows clients or servers that are kept without connection to internet or without connection to your internal WSUS server – you can use this handy tool to download and prepare a package that contains all quality and security patches for your specified OS versions, including Windows Defender, C++ runtime Libraries and .NET updates.

The output can be either an executable file (which you just run on the target server – see picture above with all the options), USB stick or an .ISO file.
For downloading the Windows updates, either your internal WSUS server or Microsoft’s Windows Update service can be used. Just note that it could take few tens of minutes or even hours – as you are downloading all patches available for your selected builds (so it will also take a lot of disk space!)

The tool can be download from official source: