This host is missing a critical security update according to Microsoft Bulletin MS10-071.

Successful exploitation could allow remote attackers to gain knowledge of sensitive information or execute arbitrary code. Impact Level: System/Application

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/Bulletin/MS10-071.mspx

- The browser allowing for automated, scripted instructions to simulate user actions on the AutoComplete feature, which could allow attackers to capture information previously entered into fields after the AutoComplete feature has been enabled. - An error in the way the toStaticHTML API sanitizes HTML, which could allow cross-site scripting attacks. - An error when processing CSS special characters, which could allow attackers to view content from another domain or Internet Explorer zone. - An uninitialized memory corruption error when processing malformed data, which could allow attackers to execute arbitrary code via a malicious web page. - The Anchor element not being removed from the editable HTML element during specific user operations, potentially revealing personally identifiable information intended for deletion. - The browser allowing scripts to access and read content from different domains, which could allow cross-domain scripting attacks.

Microsoft Internet Explorer version 6.x/7.x/8.x

• http://support.microsoft.com/kb/2360131
• http://www.microsoft.com/technet/security/bulletin/ms10-071.mspx
• http://www.vupen.com/english/advisories/2010/2618

---

Updated on 2015-03-25