This host is missing an important security update according to Microsoft advisory (2862152).
Successful exploitation will allow an attacker to intercept the target user's network traffic and potentially determine their encrypted domain credentials.
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, https://technet.microsoft.com/en-us/security/advisory/2862152
The flaw is due to improper verification of DirectAccess server connections to DirectAccess clients by DirectAccess.
Microsoft Windows XP x32 Edition Service Pack 3 and prior Microsoft Windows XP x64 Edition Service Pack 2 and prior Microsoft Windows 2003 x32/x64 Edition Service Pack 2 and prior Microsoft Windows Vista Edition Service Pack 1 and prior Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2 and prior Microsoft Windows 7 x32/x64 Edition Service Pack 1 and prior Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1 and prior Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 x32/x64
Get the vulnerable file version and check appropriate patch is applied or not.
- Microsoft Distributed File System Remote Code Execution Vulnerabilities (2535512)
- Microsoft IIS Authentication Remote Code Execution Vulnerability (982666)
- Cumulative Security Update for Internet Explorer (956390)
- Microsoft Data Analyzer ActiveX Control Vulnerability (978262)
- Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilities (2879017)