Hi Julian Komarek,
Yes, your understanding is correct. Windows quality and security updates are generally cumulative, which means a newer build in the same servicing branch includes the fixes and security mitigations that were delivered in previous builds, along with any newer improvements. As a result, a system running build 10.0.17763 would be expected to contain the security fixes that were already included in 10.0.17762, unless Microsoft documents a specific exception.
For vulnerability management purposes, it is often more useful to verify the installed OS build number and the current cumulative update (KB) rather than looking for every older KB individually. Since Windows updates are cumulative, older KBs may no longer appear as separate installed updates even though their fixes are included in the newer build.
A simple way to think about it is that each cumulative update builds upon the previous one. Installing a newer build does not remove earlier security fixes - it carries them forward and adds new fixes on top.
I hope this helps clarify how Windows servicing and cumulative updates work. Thanks for your effort.
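One way to run the build-based check described in the answer above, as an added example that is not part of the original reply: it reads the installed build and update revision from the registry and compares them with the first build that carries a given fix. The function names and the `$minimumFixed` value are hypothetical placeholders, and the script assumes Windows 10 / Windows Server 2016 or later.

```powershell
# Added example: judge patch status from the OS build, not from a list of old KBs.

function Get-OsBuildVersion {
    # CurrentBuild and UBR (update build revision) are maintained by servicing.
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    # Assumption: the 10.0 prefix applies (Windows 10 / Server 2016 or later).
    [version]('10.0.{0}.{1}' -f $cv.CurrentBuild, $cv.UBR)
}

function Test-BuildIncludesFix {
    param(
        [Parameter(Mandatory)][version]$Installed,
        [Parameter(Mandatory)][version]$MinimumFixed
    )
    # The cumulative reasoning only applies within one servicing branch,
    # so refuse to compare builds that belong to different branches.
    if ($Installed.Major -ne $MinimumFixed.Major -or
        $Installed.Minor -ne $MinimumFixed.Minor -or
        $Installed.Build -ne $MinimumFixed.Build) {
        return 'DifferentBranch'
    }
    if ($Installed -ge $MinimumFixed) { 'Fixed' } else { 'Missing' }
}

$installed    = Get-OsBuildVersion
# Constructed placeholder: take the real first-fixed build from the advisory
# for the fix you are tracking.
$minimumFixed = [version]'10.0.17763.9999'

# Newest update still listed on the host; older KBs that were superseded by a
# later cumulative update may not appear in this list at all.
$latest = Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 1

[pscustomobject]@{
    ComputerName = $env:COMPUTERNAME
    Installed    = $installed
    MinimumFixed = $minimumFixed
    Status       = Test-BuildIncludesFix -Installed $installed -MinimumFixed $minimumFixed
    LatestHotFix = $latest.HotFixID
}
```

A `DifferentBranch` result means the host has to be compared against the first-fixed build published for its own Windows version.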