Is it a good idea to install SQL Cumulative Updates (CU) as soon as those are released?.
It depends on what it fixes. New security threats arise daily. However, in general in the small print to each CU Microsoft has usually advised that customers should not install a particular CU unless they are experiencing the specific issues the CU corrects.
However, you should at least try to be up to date with the latest Service Pack
In its recent CUs update KBs Microsoft now recommends to implement CUs as those are released:
• SQL Server CUs are certified to the same levels as Service Packs, and should be installed at the same level of confidence.
• Historical data shows that a significant number of support cases involve an issue that has already been addressed in a released CU.
• CUs may contain added value over and above hotfixes. This includes supportability, manageability, and reliability updates.
• You may require a specific update in order to resolve a specific application issue.
Be wary of all patches. Keeping up with patches is worth doing but do it on a planned basis. Microsoft is constantly fixing issues, so take advantage of their hard work, but unless its critical then my advice is to first verify the patches don’t degrade your system. Bugs can still exist in patches, when run on your specific environment, as with all software, so test in your own environment. That means you need a test plan, preferably an automated test plan. If you can’t test, if you’re busy, if this is a month you can’t afford for things to fail, then don’t install the CU. This is like throwing your own developers’ code into production without any testing.
Make sure you know what is being changed, and look for obvious problems. No one will be too upset about an obscure issue with little impact or frequency of occurrence, but if your normal scheduled jobs suddenly start failing, then you’ll dramatically reduce the user confidence.
