The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 and is prone to a security feature bypass vulnerability. A flaw is present in the application, which fails to properly validate and enforce impersonation levels. An attacker could exploit this vulnerability by convincing a user to run a specially crafted application that is designed to cause CNG to improperly validate impersonation levels, potentially allowing the attacker to gain access to information beyond the access level of the local user.