Milestone fix available for potential security vulnerability

April 25th, 2018 by Amy Watkins

If you’ve got Milestone XProtect Corporate, Expert, Professional+, Express+ or Essential+ and it hasn’t been updated recently then your system could be vulnerable.

Milestone have advised that in certain setups where a set of specific ports are open, this can be exploited to achieve elevated user rights and/or interrupt user’s access to the system.

How to mitigate this vulnerability

The good news is that this can be fixed either by a patch to your existing software or by upgrading to the new version.

Download a patch

Patches are available for versions 2018 R1, 2017 R3, 2017 R2, 2017 R1, 2016 R3, 2016 R2, 2016 R1. More info here. Contact us for the download and assistance (we are a Milestone Platinum Partner).

For those an older version, you’ll need to upgrade to version 2016 R1 or later before installing the patch.

Install with the patch already included

When you upgrade your installation to the 2018 R2 version (available on 7 June), the fix for the vulnerability has been already built in. You will be able to access the installation files here.

NW Platinum Support customers, rest assured that we’re already working on this patch as part of your care package.