Symantec Security Threatcon Status for 2012-07-14

The ThreatCon is at level 2. Microsoft has released their scheduled security advisories for July 2012. There have been no reports of newly discovered exploitation in the wild.

A vulnerability has been discovered in Parallels Plesk Panel which allows the administrator password to be recovered by an attacker. The code to exploit the vulnerability is in the wild. Customers are advised to install the patch as soon as possible.


On July 10, 2012, Parallels has released a fix for its Plesk Panel application to correct a previously unknown vulnerability which allows the administrator password to be recovered by an attacker. The code to exploit the vulnerability is currently being sold on the internet and potentially allows passwords to be compromised.

Customers are advised to apply the fix as soon as possible.

Microsoft Security Bulletin Summary for July 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-jul

CVE-2012-1889 in Action
http://www.symantec.com/connect/blogs/cve-2012-1889-action

Plesk 0Day For Sale As Thousands of Sites Hacked
http://krebsonsecurity.com/2012/07/plesk-0day-for-sale-as-thousands-of-sites-hacked/

Parallels Knowledge Base (113321)
http://kb.parallels.com/en/113321