Yea after looking further it is clients as well because of sysplant:
SEP is susceptible to a local denial of service due to a deadlock condition in sysplant.sys. A local user can create a local denial of service by running a specifically formatted call resulting in the windows system unable to fully shutdown. Resolution requires a hard power cycle to shut down and restart the system.
SEP is affected by potential dll loading issues resulting from improper path restrictions in some file directories not properly restrict the loading of external libraries. An authorized malicious local user with access to a system could potentially insert a specifically-crafted file in one of the susceptible directory. Such an attack would then need to entice an authorized user to load a specifically formatted file from an alternate file location or network share. Successful exploitation could allow unauthorized arbitrary code to be executed with system permissions.