I updated my Ubuntu machine, a desktop, to the newest kernel updates which includes a security patch to "Dirty Cow". Supposedly Dirty Cow is a vulnerability which if exploited can raise non-root users to root.
I also availed of Canonical's livepatching offer for its customers. You can check out this page. Follow the steps and your Ubuntu machines can download and install kernel updates without rebooting. Also if you are running 16.04 LTS then you have defaults for downloading and installing security updates everyday. You don't have to do anything. Your computer will check updates, download them and install it for you in the background.