I think I need to agree with the need to evaluate each system and each patch individually. It kills me, because I started out a long time ago in the land of helpdesk - where I learned that standardization is a beautiful thing. Unfortunately it's just not as practical in the data center.

Still, I would love to hear if anyone's got a really good system for tracking revision levels and patch deployments.

A three-ring binder or a spreadsheet is better than nothing, but it just isn't sexy, if you know what I mean.

And I have definitely worked in environments that could not implement a patch in short order due to industry and/or governmental regulations. Things needed to be tested on systems mirroring production systems for literally months before upgrades could be pushed to systems containing production data.

Fortunately, those types of environments tend to be very heavy on security too, limiting the potential for an exploit and greatly limiting the spread if an exploit were to happen.