I fear patching. It is one of my biggest professional terrors, second only to managing backup and restore operations. Interestingly, patching is often intimately related to your backup and restore preparedness because patches often totally wreck a production system and require a hasty rollback or restore.
I don't care what it is I'm patching, I hate it. Updating router firmware? I hate it. Flashing server BIOSs? Hate it. Deploying the once-a-day Adobe Reader and Java updates? Hate it with berserker rage. SharePoint service pack? I think that falls into the category of "I'll change careers once I regain consciousness."
Just last week, I had a network device that needed its firmware updated. The update conveniently reset the device back to factory settings! Fortunately, I meticulously document every choice in my appliances and other devices so bringing it back to normal was a fairly quick procedure. (I know what you're thinking: "Why didn't you take a backup of the firmware before updating it?" to which I answer: "DERP.") However, I was also blessed that the network device wasn't mission critical. Had it been a core component, things would have been very different.
Right now I do things pretty vanilla. My Microsoft servers are patched with WSUS and my Linux servers get patched from the distribution's official repositories. Network appliances get patched when important bulletins are noticed, but there's no set schedule and if it's not a security patch, then firmware updates are likely to be ignored for a long time. Users' application patches are a nightmare since I currently deal with small offices. I've been wondering how I would handle larger fleets of servers and appliances (and desktop PCs as well) that required more carefully managed patching and updates.
What do you use for patch management? How many different patching systems do you have? Separate ones for user applications versus desktop OS patches versus server OSs versus firmware patching? Or do you have an all-in-one solution? Do you have a set schedule for certain patches? Do you have well laid out rollback plans?
I know I'm posting this in SolarWinds' patch management section, but don't be shy about speaking of another product. If you use Lumension or Secunia or a Dell KACE appliance, share it all. Personally, I've been pulled in the direction of BigFix for OSs (but not so much after IBM inhaled it) as well as, yes, SolarWinds Orion for my network devices. I'd love to hear your opinions!