If you work for a fortune 500 company and didn’t fully vet all released patches you probably would be out of a job. Or you are lucky… The only immediate updates are those on the U.S. - CERT lists.
Many of these companies have 50-200 different types of software spread across 100’s of servers. I can think of a few CTO’s and/or CIO’s that didn’t fully vet the patches and lost their jobs.
I can think of one who worked for a major international bank that ignored a small little used server used by a few users. When the CTO updated the major database servers it knocked this server down. It just so happened it was only used once a quarter by the CFO office to produce critical SEC reports.