The single biggest barrier is one of trust. How well do you trust the 3rd party not to do something evil? And how much responsibility do you want to take for distributing something you didn't write yourself?
For that reason alone I don't see mothership Microsoft hosting 3rd party application updates on their servers. AFAIK they only do that for hardware drivers from the big players they actively partner with (i.e. Intel, ATI, etc.). And from what I've been told, those driver updates were already approved for distribution in the OS before they showed up on the update site.
Incorporating MS updates into your own updater faces a similar problem. How well does your customer trust you to secure clean and uncompromised copies of Microsoft's patches? And how much liability are you willing to risk to do so? That's why many installers redirect you to Microsoft when you need a Windows component even though the terms of distribution may not require it.
FWIW, I always abort an install that says I'm missing a Microsoft component when it offers to install it or redirect me. I quit, go to microsoft.com (it's actually a cached WSUS mirror on my own server), install whatever I need, then launch the app installer again.
Maybe I am a little paranoid about these things. But I don't think I'm that much alone in being this way. I've avoided a lot of headaches by staying on the side of caution.
I've only had one time where I had a system taken down by something rogue. It didn't sneak past me. But it did seriously screw up the machine. And all this happened following a silent redirect off a tech support website I had been visiting for years. (They'd been hacked and didn't know it.)
But that was just that one time.
And since I go back to DOS, that's a pretty good track record.
So a little paranoia ain't necessarily a bad thing.
Works for me at any rate.