That it does... but you're thinking way to logically.
I tend to do that.... I ama 1 and 0 kinda girl.

specifically when assessing a threat...as to run around and apply patches untested to a production environment is risky to say the least and I like to see what the mitigating factors are before I patch.

I have seen some hasty patches totally fubar a server \application....

I err on the side of caution usually

MLF