The host is missing an important security update according to Microsoft bulletin, MS17-001. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the application, which improperly enforces cross-domain policies with about:blank. Successful exploitation could allow attackers to access information from one domain and inject it into another domain or elevate privileges.