The host is missing a important security update according to Microsoft security bulletin, MS16-026. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which improperly handles specially crafted fonts. An attacker who successfully exploited this vulnerability can either convince a user to open a specially crafted document or to visit a webpage that contains specially crafted embedded OpenType fonts.