by fakeempire 5314 days ago
"I have found the policy of installing all updates when first setting up a Windows server and then never touching it again to work quite well."

I think you need to reevaluate your policies immediately. Not applying security patching isn't a good policy.

You have a choice between:

The chance of someone bothering to hack you multiplied by the chance that the new patch doesn't include several new security bugs

Or the chance of a new untested patch bringing down your business.

This is why we use QA servers for most of our systems. We try our best to test all functionality on a patched QA server before deploying patches to our production servers. We have had good success doing this (with Windows at least.)
The real question is why anyone would willingly run a Windows server for anything?
So leaving your main system exposed to the new zero-day vulnerability for a whole day while you do the tests!
No. You wait a few hours (maybe half a day) and see how other people get on with the patch. Then you patch.

Or you leave more holes for the automated bots and worms to exploit.