Shouldn't the fact that there are exploitation frameworks for that specific attack vector (e.g. https://beefproject.com/) be motivation enough to not leave that vector unpatched?