Should I use the WSUS “deadline” feature on production servers?

patch-management windows-server-2008 wsus

I use WSUS to patch a number of Windows Server 2008 R2 x64 machines. It usually works great, until today.

Last week Microsoft shipped a critical patch KB2992611 to fix critical problems in the crypto library ("the SChannel patch"). I used the WSUS deadline feature in order to deploy the patch immediately (out of office hours). However, it was soon revealed that the patch had bugs, so Microsoft shipped an updated version 2 of the patch. When WSUS picked the version 2 patch up, it immediately patched and rebooted all my production machines, since the patch was still marked as having a deadline. This was probably not what Microsoft had in mind, and it was certainly not on mine.

Best Answer

Answer: Never use the WSUS deadline feature on production servers - always update and reboot manually. Using it means risk of unplanned downtime.
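
An added example, not part of the original question or answer: a PowerShell audit that lists every WSUS install approval still carrying a deadline, so leftover deadlines like the one in the question can be found and cleared before a revised update arrives. It uses the WSUS administration API and assumes it runs on the WSUS server (or a host with the WSUS console installed); treating a deadline in year 9999 as "no deadline" is an assumption about how unset deadlines are reported.

```powershell
# Added example: report WSUS approvals that still have a deadline set.
# Written for PowerShell 2.0 so it also runs on Windows Server 2008 R2.

# Load the WSUS administration API (installed with the WSUS console).
[void][Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')

# Connect to the WSUS instance on the local machine.
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer()

$report = foreach ($update in $wsus.GetUpdates()) {
    foreach ($approval in $update.GetUpdateApprovals()) {

        # Only install approvals can force an install and reboot.
        if ($approval.Action -ne 'Install') { continue }

        # Assumption: an unset deadline is reported as a date in year 9999.
        if ($approval.Deadline.Year -ge 9999) { continue }

        $group = $wsus.GetComputerTargetGroup($approval.ComputerTargetGroupId)

        New-Object PSObject -Property @{
            KB          = ($update.KnowledgebaseArticles -join ',')
            Title       = $update.Title
            Revision    = $update.Id.RevisionNumber
            TargetGroup = $group.Name
            Deadline    = $approval.Deadline
            ApprovedBy  = $approval.AdministratorName
            # A deadline already in the past applies as soon as clients sync.
            Expired     = ($approval.Deadline -lt (Get-Date))
        }
    }
}

if ($report) {
    $report |
        Sort-Object Deadline |
        Select-Object KB, Revision, TargetGroup, Deadline, Expired, ApprovedBy, Title |
        Format-Table -AutoSize
} else {
    Write-Output 'No install approvals with a deadline were found.'
}
```

Rows with `Expired` set to `True` against a production target group are the ones to review first.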