Proactive system security

If you suspect a security vulnerability with a Milestone product or service, please report the problem immediately.
Milestone will reply within 48 hours.

What we can do to help

Ensuring the security and integrity of all Milestone installations will always remain a top priority to us. Use this page to learn more or to contact us if you suspect you have a cybersecurity vulnerability. We minimize customers’ exposure to risk by ensuring our software and hardware is secure by design, secure by default and secure by deployment.

If a vulnerability flaw is detected, Milestone will provide mitigations and/or software updates as soon as possible with security fixes to customers and partners free of charge – provided the product is still supported.

To learn more about recent vulnerabilities and their mitigation please refer to our articles on cyber security
Article Topic Affected Products Date Published Full Article
1 Arbitrary file access on the DLNA Server XProtect DLNA Server 2019 R1 – 2021 R1 November 9 2021 Read more
2 Milestone Open Network Bridge (ONVIF) security vulnerability Supported versions of XProtect Open Network Bridge (2018 R2 - 2020 R3) April 13 2021 Read more
3 XProtect Smart Client - username on HTTP port 80 XProtect Smart Client 2020 R2 (20.2a) or older August 10 2020 Read more
4 Customer Dashboard discontinues support for legacy SSL/TLS protocols XProtect Corporate, Expert, Enterprise, Professional, Express, Essential, Go, 2016. Milestone Husky M10 (Arcus 1.0), M30 S, M50 S, M50 Advanced, M500 Advanced 2016 July 10 2020 Read more
5 XProtect Smart Client execution vulnerability XProtect Smart Client October 11 2019 Read More
6 XProtect Configuration API security vulnerability and mitigation XProtect Corporate, Expert, Professional+, Express+, Essential+ versions 2016 R1 (10.0a) - 2019 R1 (13.1a) March 22 2019 Read More
7 .NET Framework Remoting Potential Security Vulnerability XProtect Corporate, Expert, Professional+, Express+, Essential+ April 25 2018 Read More
8 Unsupported MSXML version in XProtect VMS All Jan 16 2018 Read more
9 Meltdown and Spectre attacks All operating systems Jan 5 2018 Read more
10 CCleaner 5.33 Malware Windows operating system Sep 20 2017 Read more
11 How to identify and remove default XProtect Basic User account XProtect® Express 2017 R1 (11.1a) and prior versions, XProtect® Essential 2.0 2017 R1 Aug 29 2017 Read more
12 Husky M10 privilege escalation issue Milestone Husky M10 Aug 21 2017 Read more
13 ONVIF potential security vulnerability Genivia gSOAP Toolkit versions 2.7 to 2.8.47 Jul 7 2017 Read more

Is your installation cyber secure?

The Milestone Cybersecurity Training Track will provide the knowledge and skills you need to optimally design and securely deploy your XProtect System.

Blue checkmark
Identify threats
and potential vulnerabilities
Blue checkmark
Apply security measures
Blue checkmark
Configure a secure system
Blue checkmark
Apply encryption