Of course my first question (beyond “who trusts Microsoft?”) is who would apply patches to their entire farm without patch testing first?
It depends. If you have 100 servers, it only makes sense to test it on a select few (non-production) first. What about if you have 5 servers and they're all production critical (yeah, that's another, different problem)?
Sure would be nice if one could trust the supplier.