you're lucky to update once a year.
Hell, I am still on Win2k SP2, which is the same as at my work. We ony patch for functionality, not security. Any security patch should only fix security issues that are easily foreseen and should have been subsequently isolated. Oddly enough this is true. Microsoft hasn't had any uncontainable/catastrophic security issues in many, many years (can't even rememeber the last one)