I expect mostly because 'it just works'. Except now, it used to just work unless you deploy a registry key change.
This is more likely to be a problem in small workgroup environments where everyone is configured as an admin and all the credentials are the same on every machine/server.
This sort of shop generally won't have a managed patch system or test environment either so will get the patches immediately, and it's broken everything.
I see both sides of this argument, Microsoft has plugged a security hole, but it's broken something that used to work. Weird as it is, I'm kind of on Microsofts side with this one.