Do you have Automatic Updates for Windows turned on? If you knew that it might take a week or longer for all Critical updates to arrive on your PC, would you still use Automatic Updates?
I’m still trying to get answers on some important questions here, but I’m not reassured when the Microsoft Security Response Center says it’s “perfectly normal” for updates to be delayed by a week and possibly more.
Ed Bott 
Ed, I’ll take a crack at these questions. Yes, I have automatic updates turned on. I would use it even if it might take a week or longer for critical updates to arrive at my PC. But if I had specific information that a particular critical update was available sooner from another Microsoft source, I would manually download and install it.
Microsoft generally rolls out “critical updates” on the second Tuesday of each month. If such an update can wait up to a month to install, how critical can it be? If it is super critical, presumably Microsoft would not wait until the second Tuesday of the month to make it available. In any event, this happens so rarely (or never) that I don’t see the point of manually checking each day.
I noticed this too. PCs that had Automatic Updates running only had 5 or so of the 9-11 Critical Updates that were available over the last couple months.
Basically, I’ve learned that on critical machines, you manually go to Microsoft Update (or Windows Update) and install all critical updates. I’m so used to working around poor design and broken functionality that I actually didn’t think anything of it.
“If such an update can wait up to a month to install, how critical can it be?”
Go read the descriptions for the updates that have been delayed so far. Most of them involve vulnerabilities that can allow an attacker to completely take over an affected machine. I don’t want to wait on one of those.
As my research into one test machine here showed, the performance of Automatic Updates has slipped in recent months. Updates used to arrive like clockwork within two days of their release. Now it’s routine for them to arrive 4-5 days later, and Microsoft says it can take a week or more.
Ken: One reason Microsoft switched to a monthly “patch Tuesday” is because once the patches (along with some information about the vulnerability that each patch addresses) become available, there’s a sudden upsurge in attacks against that particular vulnerability. That upsurge still occurs, but at a predictable time: in the days immediately following patch Tuesday. Therefore, it’s important to apply the patches quickly, which is what Microsoft promised they would do with Automatic Updates.
Ed and Carl, I hear you. I still set Automatic Updates to run each day. Should I supplement this with a manual check as well? If so, how often do you recommend?