SECURITY ADVISORY: Vulnerability in Microsoft Secure Channel (SChannel) - Critical

Dear Parallels Customer,

Please read this message in its entirety and take the recommended actions.

Microsoft has revealed a vulnerability in the Microsoft Secure Channel (Schannel) security package in Windows. It affects a broad range of Windows operating systems, including Windows Server 2003/2008/2012, Vista 7/8/8.1, and Windows RT.

There are no known exploits that have actually used this vulnerability, however it is highly recommended to install the security patch. Please refer to the Microsoft Security TechCenter article for details: MS14-066 - Vulnerability in Schannel Could Allow Remote Code Execution (2992611).

This vulnerability could allow remote code execution if an attacker sends specially crafted packets to a Windows server. According to the Microsoft security bulletin at the time of issue, there was no information to indicate this vulnerability had been publicly used to attack customers.

This security update is rated Critical for all supported releases of Microsoft Windows.

To close the vulnerability on Windows-based hosts install the security patch delivered via Windows Update.
Call to Action
Install Windows security patch following the instructions provided in these Parallels Knowledgebase articles:

Parallels Plesk
Parallels Plesk Automation
Parallels Containers for Windows
Parallels Cloud Server
Parallels Virtual Automation
Parallels Operations Automation + Parallels Business Automation - Enterprise
Parallels Business Automation Standard
Parallels H-Sphere
Parallels Helm

Parallels takes the security of our customers very seriously and encourages you to take the recommended actions as soon as possible.

We also strongly encourage you to stay connected to Parallels for important product-related information via these methods:

Subscribe to Security & Product Updates
Subscribe to Support Emails
Subscribe to RSS Feeds