For years I haven't recommended installing Cumulative Updates (CU) as they are released. The main reason is that Microsoft has had language associated with their CUs that say customers should not install a particular CU unless they are experiencing the specific issues the CU corrects. Each CU has (in the past) also noted that you should stick with the latest Service Pack otherwise. That disclaimer has been enough for me to be concerned about CUs in a general sense, despite the insistence that the CUs were tested as well as SPs. My thought was that if the testing was the same, that disclaimer wouldn't exist.
Well, things have changed. The latest CUs have this language in the section where a KB says that Microsoft recommends CUs as they are release:
- SQL Server CUs are certified to the same levels as Service Packs, and should be installed at the same level of confidence.
- Historical data shows that a significant number of support cases involve an issue that has already been addressed in a released CU.
- CUs may contain added value over and above hotfixes. This includes supportability, manageability, and reliability updates.
That's good news, though as Kendra Little notes, you still need to test. Bugs will still exist in patches, and really all software, so it's important that you test in your own environment. That means you need a test plan that can easily run, preferably an automated test plan. If nothing else, this is a good reason to use tSQLt and have tests written for your system. At least you can verify important queries and systems are working. Kendra has a good list, so read her post.
While I think the quality of CUs is up and they are probably as safe as most of the Windows patches we get every month (and are often installed no matter our individual feelings), I'd still be wary. If you can't test, if you're busy, if this is a month you can't afford for things to fail, then don't install the CU. This is like throwing your own developers' code into production without any testing. Make sure you know what is being changed, and you look for obvious problems. No one will be too upset of an obscure issue, but if your scheduled jobs start failing, you'll dramatically reduce the confidence people have in you.
I am still wary of all patches. They're disruptions, to both your routine, and potentially to availability as well. Make sure you test, but if you have the time, I'd say keeping up with patches is worth doing. Microsoft is constantly fixing issues, and you want to take advantage of their hard work, if you can verify the patches don't degrade your system.