The host is missing a critical security update according to Microsoft security bulletin, MS12-045. The update is required to fix a remote code execution vulnerability. A flaw is present in the applications, which fail to handle a crafted XML data that triggers access to an uninitialized object in memory. Successful exploitation could allow attackers to execute arbitrary code.