In the software world, patches are a constant part of life. Released at regular intervals or at times of emergency need, patches are distributed for most any high profile application sold and are primarily associated with operating systems and programs that come into frequent contact with the internet, such as web browsers. The need for patches is indisputable in light of all the security risks there are, with holes found in applications all the time. These holes can be used to exploit your computer and allow others in, either by direct hacking or a virus that is coded to use the hole and cause damage to your system.
Installing patches as soon as they are released is the simple, easy way to prevent these bad things from happening. Unfortunately, despite the simplicity of installing patches regularly, often they are overlooked. Installing patches takes time, and the busy computer user will often avoid them to skirt the need to reboot the computer after the security updates have been installed. Worse, the automatic update services can be disabled completely to avoid the perceived inconvenience of having to wait while the patches are installed.
Considering the dire necessity of maintaining security in corporate layouts, some companies choose to control the patch deployment for any computer that is connected to their network. There are policies inherent to some domain controller systems that can deny users the ability to modify the inherent patch updating service on their computers, as well as more active control systems that allow system administrators to choose when patches will be deployed and enforce that deployment by pushing the patches to client computers via an authorized patching server. As long as software is being designed by humans, there will always be the need for regular use of patches to clean up overlooked and risky bits of code.