Of course, Microsoft tend to call a lot of things "critical" even when they're not.

In my view, anything that can be used as a worm vector is critical. Anything that can lead to the compromise of a single PC is just "important".

Microsoft's patches have a habit of breaking important functionality, so on mission-critical servers you probably want to minimise unnecessary changes. I tend to use Microsoft's grading system as a guide, and then go and analyse them and come back with a more accurate threat analysis.