You can register for receiving emails from Microsoft regarding security updates. You can get more information about how to at http://www.microsoft.com/technet/security/Current.aspx

As far as patching / updating the servers is concerned, I don't recommend automatic patching simply because not all may be required for your environment. The way to go would be to keep track of when these patches / updates / service packs are released and plan to roll them out only if necessary to your environment. These should be rolled out incrementally starting from the Dev to the Production and all environments in between.

Make sure you do your testing and also involve the developers in the testing while rolling these out.

HTH