Retaining expired certificates can be a requirement, depending on the certificate's purpose:
It looks like DST Root CA X3 was enabled for timestamping/email signing, which can have similar requirements regarding retroactive signature verification, so retaining it makes sense for Microsoft.
Other root stores (especially those that only cater for server/client authentication, i.e. browser trust stores) generally remove expired roots, yes.
(Though MS seems to generally just not care enough, regardless of the certificate's purpose.)