Removing cupsd on desktops has long been a part of many orgs security policy, and servers shouldn't have it installed in the first place.  

Having packages installed that aren't being actively used is a big attack surface, as this exploit shows.