I am posting this out of curiosity, I am trying to get a better handle on my patching approval groups, and am curious to see what some of you may be doing.
Specifically, looking to see what patch categories, and severity levels you are pushing out for your servers and workstations in regards to Windows Updates, and what your thoughts are on how you chose them.
I am trying to find the "right" level of patching.. do you tend to push only critical, or include moderate and important updates etc.. I guess there are caveats on either side. You can push too much and cause potential issues (for example IE updates tend to break a lot of web based apps, however also one of the more vulnerable apps to be not patching), on the flip side, pushing only critical you tend to not be patching nearly as much as i would expect if i were a client.
Any thoughts, or good articles, best practices etc.. on this topic out there?