If you upgrade early and often, life will be tough but consistently so. If the operation is big, roll the patches. If you know there's a problem ... it should never take 3 months to fix. If it takes you 3 months to deploy a software update you have 2010 procedures in 2017.
This is my motto. I have the suspicion that Microsoft and other companies don't QA older software as hard as their latest & greatest.
Some folks say I'm crazy but I auto-approve all security updates in WSUS. In 5 years at my company, updates have only broken important software twice. In both cases I just uninstalled the updates with WSUS and everything was okay. In today's environment, I feel that the risk of not patching is greater than the risk of patching—even when you consider buggy software.