This host is missing an important security update according to Microsoft advisory (2905247).
Successful exploitation will allow remote attackers to use specially crafted HTTP content to inject code to be run in the context of the service account on the ASP.NET server. Impact Level: System/Application
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, https://technet.microsoft.com/en-us/security/advisory/2905247
Flaw is due to the view state that exists when Machine Authentication Code (MAC) validation is disabled through configuration settings.
Microsoft .NET Framework versions 1.1, 2.0, 3.5, 3.5.1, 4.0, 4.5 and 4.5.1
Get the vulnerable file version and check appropriate patch is applied or not.
- Microsoft Windows ActiveX Control Multiple Vulnerabilities (2647518)
- Sophos Anti Virus Check
- Microsoft Windows SMB/NETBIOS NULL Session Authentication Bypass Vulnerability
- Microsoft Office Excel Axis and Art Object Parsing Remote Code Execution Vulnerabilities
- Microsoft Unauthorized Digital Certificates Spoofing Vulnerability (2728973)