After approving them for installation one update failed. It was the KB2977321, Security Update for SQL Server 2008 Service Pack 3. I've let it install once again but this update failed to install repeatedly.
The Result Code was 0x80070643.
It generated an entry in the eventlog/system with the EventID "20" and the source "Microsoft-Windows-WindowsUpdateClient". But there was no hint to the cause of the problem at all. I've also checked the C:\Windows\WindowsUpdate.log, to no avail.
After some google research on the error-code I found a Microsoft article describing the error as .NET Framework related. It offered an automatic Fix-It-Tool, which I executed without any success. The installation of KB2977321 would keep failing. The further proposal of this article – in case the Fix-It-Tool didn't help – was to reinstall .NET Framework. Which I refused to do since I didnt see a direct relationship between an SQL Server Security Update and the .NET Framework.
Instead I've downloaded the KB2977321 from Microsoft and tried to install it manually.
After unarchiving the downloaded file using 7zip, I've run the included setup as administrator. There the relationship to the .NET Framework became apparent. A dialogue requested for the installation of .NET v3.5. It seems to be a prerequisite for this Update. Since the installation by Windows Update runs in silent mode it just fails with the mysterious error code 0x80070643.
Solution
So in the end the solution was simple. I've aborted the KB setup and installed .NET 3.5 using DISM as described hereDISM /Online /Enable-Feature /FeatureName:NetFx3 /All /LimitAccess /Source:d:\sources\sxs
You will probably need to adapt the /Source parameter in the command above, pointing to your individual installation sources.
After .NET 3.5 was installed, I could install the KB2977321 without any further issues and the Windows Update list of pending updates cleared up. Under Update History the KB2977321 was also shown as successfully installed.
Afterthought
Since Windows 8 (eventually earlier) the .NET Framework v3.5 isn't installed automatically, instead it is an optional feature. v4 is installed by default. The v4 doesn't include legacy components (earlier versions of the libraries, like v2 and v1) so oftentimes the installation of legacy components i.e. v3.5 (which includes all the previous versions) becomes necessary.I think I will include the .NET v3.5 in all future Win8/8.1 installations to prevent trouble like this which costed me over an hour to figure out.