The host is missing an important security update according to Microsoft advisory, 2846338. The update is required to fix a remote code execution vulnerability. A flaw is present in the mpengine.dll, which fails to handle a crafted file. Successful exploitation allows attackers to execute arbitrary code in the security context of the LocalSystem account and take complete control of the system.