The host is missing a critical security update according to Microsoft bulletin, MS14-059. The update is required to fix security feature bypass vulnerability. A flaw is present in the application, which fails to handle a crafted web page. Successful exploitation allows remote attackers to inject arbitrary web script or HTML.