The host is missing an important security update according to Microsoft security bulletin, MS16-137. The update is required to fix multiple vulnerability. A flaw is present in the application, which fails to properly handle crafted vectors. An attacker who successfully exploited this vulnerability could elevate their permissions from unprivileged user account to administrator. The attacker could then install programs; view, change or delete data; or create new accounts. The attacker could subsequently attempt to elevate by locally executing a specially crafted application designed to manipulate NTLM password change requests.