Fixed! Hotfixes to the issues you experience most often
Monday, 30 April 2018
Author: Toyah Hunting
We occasionally experience bugs in our software and perform hotfixes to sort them out before eliminating them in the next of the three product updates we release every year.
We have recently made the following hotfixes and troubleshooting articles.
Click on the link to find out what to do if this is a problem you have experienced:
The Recording Server, Management Server and Management Client in XProtect® (Corporate, Expert, Professional+, Express+, Essential+) use an exploitable .NET Framework Remoting deserialization level. Elevation of Privileges and/or Denial-of-Service are possible if the affected ports are exposed.
Hotfixes have been released for versions 2016 R1 (10.0a) through 2018 R1 (12.1a) and the issue is fixed permanently in 2018 R2 (12.2a). Systems running an XProtect version older than 2016 R1 must upgrade to the 2016 R1 product version or later and apply the relevant patch to mitigate this vulnerability. It is recommended to install the hotfixes if you use any of the affected XProtect products.
For more information (list of ports, etc.), check KB 4218, "XProtect®: .NET security vulnerability."
Please note that only XProtect products from the C-code group are affected: Corporate, Expert, Professional+, Express+, Essential+. The E-code products (Professional, Express) are not affected.
Have a question about the Milestone Technical Support Policy?
We aim to provide consistent and predictable guidelines for product support availability from a product’s release and through its lifecycle.