I've been doing my research on thin client setups and it seems like a very cool concept. Instead of purchasing and maintaining many PCs, you can simply have thin clients that RDP into a Server 2008 server. All programs (Outlook, Browser, Adobe, specialty apps) are installed on the Server 2008 box.
This has me thinking: is this setup inherently insecure? For example, if a user downloads a PDF containing an exploit, goes to a page containing a malicious applet (assuming Java is still unpatched), or runs a malicious exe of some sort, will this program be able to escalate privileges and take over the entire Server 2008 (along with all users that are RDPed in)? I assume that the programs are supposed to run as the user that is RDPed in and executed them.
In a thick client environment, the worst that can happen is the malware can take over the user's PC. The malware will not affect other thick clients unless they run it.
How can I protect against this?