Supposing I know a someone who has the following setup, what would the threats to his network be?

A W2K3 network, with WinXP and W2K clients (using IE6). The software update service has been disabled because the manager believes the patches are to difficult to manage, but all servers and clients have the latest service packs and up to date AV software with regular signatures installed. The PC’s are semi tied down by group policies but there is no policy regarding USB mass storage devices. External email is filtered through an external company for spam and viruses, and all web traffic is directed through a proxy server and then a firewall. Internally there are IIS servers, SQL Servers, Exchange Servers

All switches, routers and firewalls have no additional patches and there is a secure gateway serving applications via citrix secure gateway.

As I’ve said, I would appreciate it if anyone could post any suggestions of the threats to this network both internally and externally, I have a few idea’s but I know the guys that use this site will know a whole lot more.

Many Thanks

T.