IMO it's not that simple.
Microsoft is actively releasing an update to Secure Boot keys at this moment... and there are increasing reports of issues. Whilst many are just event log errors, there have also been BSODs and 'fail to boot' problems.
One factor may be that devices don't have the latest UEFI firmware update... so this needs to be taken into account if OP uses Secure Boot and allows Windows Update.
In my case Dell have released an updated BIOS/UEFI update (A24) labelled 'Critical' for my aging Latitude E7450 laptops, newer than what is currently installed. However, when I look at the CVE Security info about the vulnerability it addresses, it turns out it can only be misused by an attacker with physical access... not an issue in my case at all.
So, what should I do? Update or not? Your advice is to ignore the update as it's not relevant to me. However, if Windows Update suddenly updates Secure Boot on my laptops then I could be left with non-booting devices.
I'm hanging fire at the moment whilst I read around about these Secure Boot updates and whether Microsoft is going to address the issues that its updates are causing... but I certainly haven't ruled out updating the BIOS/UEFI just because the 'critical' issue it fixes doesn't affect me.
Hope this helps...