Isn't updating both the client and server a better solution so there's no need to change the level to vulnerable?
At least that's what I see from the matrix. Also,
Yeah I see it now and agree with that, you're better off updating them both.
There's a reason Microsoft chose the word "vulnerable"...
At least run the same version of both - if you don't want to update the client.