I assume you have a test-pilot-production method for patches. I also imagine a lot of these older patches are on some servers, but not all, which somewhat proves that they work in your environment.
During your next patch window in July, you might want to exclude July's updates and only deploy old updates. A month at a time, or however you create your policies, create new Software Update policies and include the missing bulletins. Use your Compliance by Bulletin report and set a cut-off, like all bulletins with more than 10 computers vulnerable -- or maybe your cut-off is "with at least 1 vulnerable." Then select these bulletins for policies and apply them to your test group.
After you apply all the policies (likely around 50 if you have current operating systems and Service Packs, but were missing everything but last year from a policy perspective), test the whole group of 50 policies all at once. Once it passes testing, move to pilot, then production, according to the procedures at your company. Then report and monitor for success. Exporting the Compliance by Bulletin report to Excel and using Conditional Formatting to find the worst bulletins by % and worst bulletins by count is a helpful process.
Report to management for accountability. You will be the hero for finding the issue and resolving it.
This is how I would resolve it without SCCM or Microsoft tools.