The host is missing an critical security update according to Microsoft security bulletin, MS14-076. The update is required to fix a security feature bypass vulnerability. A flaw is present in the application, which improperly compare incoming web requests against the "IP and domain restriction" filtering list. Successful exploitation could allow attackers to access a website that an IIS administrator believed was restricted.