For compatibility reasons I want to keep the current .NET Framework version (which is 4.7, the latest version) and stop automatic/silent updates in the future from Windows Update or WSUS only for .NET Framework version while allowing all other system/security updates on a Windows Server 2008 or 2012. I have found answers for how to prevent updating to a certain .NET Framework version or how to hide the update from the list of updates in Windows Update after the update is already available, but this is not what I want. What I'm interested is preventing updating from a .NET Framework version when we don't know if, when and to what version an upgrade will be available. E.g. the latest .NET Framework available is version 4.7. Future versions could be 4.7.1, 4.7.2, 4.8 or 4.9 but we don't know yet. How can one prevent these future updates from being installed by Windows Update or WSUS on a Windows Server 2008/2012?
I think this is a very sensible question, and I'm a bit surprised that the whole internet seems to be trusting Microsoft not to break their stuff (at least in the context of automatic web server .NET Runtime updates).
Yes, what you are asking is not recommended by Microsoft.
Important We strongly recommend that you do not block the installation of .NET Framework 4.7.2. However, you may have a business reason to temporarily block the installation. For example, you may require more time to test line-of-business applications in your environment. In such a case, you can modify the registry to temporarily block this installation.
And yes, Microsoft .NET Framework Windows Updates are intended to be fully backwards compatible.
But for a critical application on a Production server, there is a definite risk to automatically rolling out version upgrades to the underlying code without first testing them in a Staging environment. Although rare, there are known instances of existing applications being broken by Microsoft's in-place Windows Updates. (This is also a risk for updates generally, including security updates.)
To answer your question:
No, there does not appear to be any server-level setting that allows you to block future, unannounced .NET Framework updates generally for computers that directly connect to Windows Update.
As an alternative, the following three workarounds could help you to prevent an untested .NET Runtime update:
If your organization uses an update management solution, such as Microsoft WSUS or System Center Configuration Manager, those tools can be used to selectively approve or defer your updates individually.
You could always stay one version behind. (Ex: Don't update to .NET 4.7.2 until you can confirm the next "BlockNetFramework48" setting name.)
(Less reliable) Recent .NET Framework version updates have been rolled out as Recommended updates. If you disable Recommended updates that might partially mitigate the risk that a future .NET Framework version update would be rolled out automatically without testing.