Having done the end user computing engineering thing for quite some time, I've had to deal with Windows Update in places as large as 40,000+ PCs. There's a conundrum in the cumulative patching model -- it's super-easy for IT, but could leave some places more vulnerable.
The problem is that the more diverse a company's IT needs are, and the more proprietary software they rely on, the less able they are to just roll out a bundle of fixes to everyone and call it a day. I think Microsoft is forgetting how much some companies are relying on desktop Windows for line of business applications...it's almost like everyone there has drunk deep of the Cloud/Surface/Phone/Tablet/Web Services kool aid, and just assumed those crappy 20 year old applications have disappeared along with desktop/laptop use cases. In their minds, the only thing they have to make sure works correctly on site is Internet Explorer/Edge and Office.
Admittedly, updates are a confusing mess of semi-circular dependencies and it is very difficult for Microsoft to test even common combinations. But, making them all cumulative means this...Assume you have 10 updates in a bundle, 6 work fine everywhere, 1 breaks 40 PCs in Department A, 1 breaks the LOB app running on all 18,000 PCs you run, 1 breaks a behavior in IE some junky internal web app running on 2,300 PCs and 1 breaks the CEO's computer. All those computers have to wait until the problem is solved to get the protection for the 6 vulnerabilities, and they will continue to be unpatched since the bundle is cumulative.
The other thing I'm not a fan of is the removal of any sort of information about what gets patched. There used to be comprehensive descriptions of what was patched, and companies who knew what they were doing could direct testing to the right application groups. That's the other thing that's going away this month. We're a big Microsoft shop so we're pretty much resigned to upgrading to Windows 10...I guess we'll see what happens. Microsoft's been trying to cremate Windows 7 ever since early this year, messing with support dates and not backporting features. We'll see if Microsoft's "update rings" strategy that they're recommending everyone migrate to is workable.