A heap of blogs and articles popped up recently about the shift attackers are making to attacking applications instead of operating systems. The average medium- or large-sized business might have hundreds of applications spread across hundreds or thousands of end-user devices. The problem is propagated by the unwillingness of many organizations to remove local administrator access from users who dont absolutely need it to do their jobs. Exacerbating the problem is the tendency for IS teams to ignore desktop application patching because it is just too hard”]
Source: https://www.csoonline.com/article/2137190/playing-catch-up–again.html