My 4 stages to patch Windows servers:
Read the introduction to the new hotfix or patch on Microsoft website, to figure out what it is for, restart needed or not…And Google the keyword to check whether anyone has an issue after installing the latest hotfix or patch.
Install the latest patch on a test box, and take notes on somthings like how long it takes, dependency packages requirements. Verify the test server still running well after.
Firstly make sure the data on the product server have been fully backuped. Then, do some extra protection if it is applicable (e.g. Pull one disk out if it is RAID 1 protected server, or take a snapshot if it is aVirutal server). Lastly, install the patches starting from the non-critical boxes. And onsite installation is preferable, as the server may lost the connectivity while installing some patches.
Verification and Monitoring Stage
Confirm all services running on that box still work properly. And keep track of the system log closely in the next couple weeks.