Out-of-scope vulnerabilities 

Some vulnerabilities are considered outside the Milestone vulnerability management policy. Please don’t report on the below vulnerabilities: 

• Unsupported products or services that have reached the “Terminated” state 

• Vulnerabilities in third-party plug-ins or integrations, for example plug-ins installed in the VMS’ event server or clients. 

• DLL-hijacking/DLL-sideloading vulnerabilities for Milestone products running on Microsoft Windows operating systems. For more information, see the following article. 

• User misconfiguration that could be prevented by following Milestone guides, training, and best practice recommendations: 

  • XProtect VMS hardening guide

  • XProtect VMS certificates guide 

  • eLearning - Ensuring Secure Systems 

• Vulnerabilities that have highly privileged account permissions as a prerequisite.

• Vulnerabilities in Microsoft Windows.

• Vulnerabilities in any third-party software installed in Microsoft Windows