The host is missing a critical security update according to Microsoft bulletin, MS14-067. The update is required to fix a remote code execution vulnerability. A flaw is present in the application, which improperly parses XML content. Successful exploitation allows attackers to run arbitrary code and install programs; view, change, or delete data; or create new accounts with full user rights.