I don't care about updates because I wouldn't forward a port to a Windows Server if my life depended on it. It just provides services to my internal network and for that roll I think it is quite luxurious and simple. All my Windows clients now automatically get IPv6 addresses, all of that is kept up to date with DNS, adding reserved addresses to DHCP is easy as hell, Active Directory works with NIS for Linux/Unix machines so I have the ability to sign on anywhere in the house, it has Federation Services as a part of Active Directory so my credentials on the system can also be used in web applications as well. Windows has a horrible security record, but for an internal backroom server doing authentication work for the Unix machines actually dealing with the requests I think the system is great in the right place.
Another bonus about the system and its very friendly management tools is that you can hire absolute dolts to do work involving accounts and such when you have lots of them. I am talking about people that are dumber than accountants - these people can ease the Administration workload as far as bullshit problems with bullshit users go, so that is always a good thing. And they can play minesweeper while doing it.
Yet I don't think the situation with updates is all that bad, my server has no problems, service packs don't come that often and when they do Microsoft release critical security updates for the old service packs for quite some time anyway. Often it is preferred to install them manually when they can make third-party shit incompatible.