This host is missing a critical security update according to Microsoft Bulletin MS14-035.

Successful exploitation will allow attackers to conduct session hijacking attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system. Impact Level: System/Application

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, https://technet.microsoft.com/en-us/security/bulletin/ms14-035

Multiple flaws are due to, - A use-after-free error when handling CMarkup objects. - An error when handling negotiation of certificates during a TLS session. - Improper validation of certain permissions. - and multiple Unspecified errors.

Microsoft Internet Explorer version 6.x/7.x/8.x/9.x/10.x/11.x

Get the vulnerable file version and check appropriate patch is applied or not.

• http://secunia.com/advisories/58768
• http://www.osvdb.com/107851
• https://support.microsoft.com/kb/2957689
• https://support.microsoft.com/kb/2963950
• https://technet.microsoft.com/library/security/ms14-035

---

Updated on 2015-03-25