Security patches should be always applied ASAP by sysadmins. Even more if it is some kind of security sofware. Because malware.
Any kind of update should be tested by sysadmins before being applied. Even more if it is something that can break booting or security. Because providers can make mistakes.
Being a sysadmin nowadays must be a lot of fun.