at the time, there were some bugs that hit Windows Servers users when applying these January updates. This could well have meant that many system administrators, including those within federal agencies, opted to delay the process.CISA has given federal civilian executive branch agencies just two weeks to comply and patch their systems to mitigate the risk from this actively exploited Windows vulnerability.
However, CISA also 'strongly urges' all organizations to prioritize this particular patching process as it says these vulnerability types are"a frequent attack vector for malicious cyber actors of all type." Given that this type of emergency directive is not exactly an everyday occurrence, I would concur that patching sooner rather than later, wherever possible, is the prudent course of action in this case.