On Windows Vista and higher there should be no need to manually update those certificates anymore.
Like Draker said, the behaviour on these OS since Vista is the same ;
Windows checks for Trusted CTL once a week and the Untrusted CTL every day through Windows Update using the automatic daily update mechanism (CTL updater) !
Disabling WU may prevent those certificates from being updated ( I haven't tested it myself so can't confirm)
To modify this behaviour (at your own risk) it's possible to change the following registry keys :
Enable or disable the Windows AutoUpdate of the trusted CTL:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot]
"DisableRootAutoUpdate"=dword:00000000
0 to enable or 1 to disable. This key is not present by default. Without a key present, the default is enabled.
Enable or disable the Windows AutoUpdate of the untrusted CTL:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot]
"EnableDisallowedCertAutoUpdate"=dword:00000001
1 to enable or 0 to disable. This key is not present by default. Without a key present, the default is enabled.