Milestone XProtect .NET Remoting Deserialization Vulnerability Hotfix Advisory

Vulnerability Key Information Vulnerability Name: XProtect® VMS: .NET security vulnerability (hotfixes for 2016 R1 - 2018 R1) Vulnerability Description: - Affected Components: Recording Server, Management Server, Management Client in XProtect® (Corporate, Expert, Professional+, Express+, Essential+) - Vulnerability Type: .NET Framework Remoting deserialization level - Impact: Possible privilege escalation and/or Denial-of-Service if affected ports are exposed. Affected Versions: - 2016 R1 (10.0a) - 2018 R1 (12.1a) - Fixed Version: 2018 R2 (12.2a) Solution: - Hotfix Installation Steps: 1. For existing XProtect installations: - Install hotfix packages in sequence to minimize downtime: - Patch all Recording Servers first (each server requires a restart), including Failover Recording Server. - Then patch the Management Server (each server requires a restart). - Note: Management Client also has a patch available. 2. For XProtect upgrade installations: - Upgrade sequence: Patch all Recording Servers first, then upgrade the Management Server, and finally upgrade the Recording Server(s). - Note: For 2018 R2, patches must be applied before upgrading the environment. Download Hotfix: Download links provided Other Notes: - Only C-code group products are affected: Corporate, Expert, Professional+, Express+, Essential+. - Recommended to contact a Milestone Partner for installation verification and compatibility checks.

Goal Reached Thanks to every supporter — we hit 100%!

Milestone XProtect .NET Remoting Deserialization Vulnerability Hotfix Advisory