That's the point - you don't need to know your stack. You don't need to worry if CUPS is installed, enabled, or listening on your interface. You don't need any of that, as long as you do the bare minimum and configure your firewall.
Seriously, anyone who disagrees with that ends up with even bigger problems, like getting hit by ransomware. You, not some developer or Linus Torvalds or anyone else, are responsible for your client and your data. If you put your server on the internet without securing it properly, you deserve to get owned. Your negligence ends up hurting other people.
Is that so hard to understand? You have to take security seriously. My point is that a firewall is the bare minimum you should be thinking about when setting up your server.
Correct me if I'm wrong, but to be affected, don't you need to have UDP port 631 exposed to the outside world? Apologies for being a bit blunt, but if you're exposing services like printing to the internet that shouldn't be exposed, well, then... you kind of deserve to get owned, right?