A week ago (11th November 2014) Microsoft released a patch for one of the most critical Microsoft vulnerabilities seen in a long time – MS14-066. The vulnerability is in the Schannel (Microsoft Secure Channel) component, which is present in pretty much every version of Microsoft Windows, including the unsupported Windows XP and NT. The vulnerability may allow remote code execution by an attacker, but what makes it stand out as more serious than the typical Microsoft remote code execution vulnerability is that it can be exploited directly via a network connection, and there is nothing which can be done to mitigate it, other than switching off your Windows system or disconnecting it from the network.
Another golden rule of patching is to have a back-out plan. Any patch carries a risk of breaking systems and applications, even with testing, so there should always be a written plan to roll back critical systems should a patch cause an issue.
High Risk of Confidentiality Compromise (unpatched) Vs Low Risk of Availability (patched)