The host is missing a critical security update according to Microsoft security bulletin, MS16-019. The update is required to fix multiple vulnerabilities, which fails to properly handle crafted icon data and certain Extensible Stylesheet Language Transformations (XSLT). Successful exploitation allows attackers to send specially crafted icon data to a .NET service and capture data or cause server performance to degrade inturn cause a denial of service.