Guideline: Patch and Life Cycle Management
Part of: Technology Security Guidelines
Overview: Building a set of Guidelines for Security and Privacy
In most notable hacks, if not all, a lack of patch management was a key ingredient of the successful breach. Known vulnerabilities are often left unpatched, which leaves the gates to the environment open to attack. Not patching vulnerabilities is like not stopping a wound from bleeding. Always install security patches as fast as possible, to make the window for an attack as small as possible.
And it is not only about patch management. All too often, software is used that has exceeded its life cycle and therefore no longer receives support. No more support means no more security fixes. Even though you have installed 'all' security patches, you are likely to be vulnerable. Often security vulnerabilities, or their exploits, are reverse engineered for older, unsupported releases, which results in a vulnerable system that will never receive a fix.
Never skip a security patch, and never use non-supported software. Ever.
More information from Wikipedia about Patch (computing) and Lifecycle management.