The fact that there careless and/or overworked people at all levels of IT? Or ones badgered into giving admin access to users who are completely unqualified to have it? Or that there are privilege elevation vulnerabilities that could be layered with this?

Our defenses are done in layers in the hopes that getting through one doesn't give them the keys to the castle, but when something this fundamental gets screwed up by careless bullshit from a huge vendor? It makes me wonder why we bother.