Intel Meltdown / Spectre Patch Tested on Avigilon, Exacq and Milestone VMSes

Author: IPVM Team, Published on Jan 23, 2018

Significant concern exists about the impact on VMS servers and video surveillance systems of patching the Meltdown and Spectre flaws. Generally, reports have claimed a significant increase in CPU loads, though the amounts have varied depending on the source and services being used. This could be very problematic for VMS servers as it risks problems in recording, watching or playing back video.

Meltdown / Spectre Summary

Meltdown is a flaw in protections allowing unauthorized applications to access OS kernel protected memory. Spectre allows unauthorized applications to trick other programs into divulging private data. For technical details on these, see The Meltdown and Spectre CPU Bugs, Explained or various other online tech sources.

How To Patch

Users may see if their Windows machine is vulnerable using PowerShell, following the steps in this guide.

If so, in order to avoid both of these vulnerabilities, users must install two updates:

  • Windows Update KB4056892: This update should have been included in regular Windows Updates as of early January. This fixes the Meltdown vulnerability.
  • BIOS update: To fix the Spectre vulnerability, users must update their system BIOS, provided by their hardware manufacturer.

However, many devices have not yet received a BIOS update. Out of four different hardware manufacturers we checked (Acer, Asus, HP, and Intel NUCs), only Intel had released a BIOS update for our machines.

Tests Performed

IPVM measured CPU load of server and client processes prior to applying Windows and BIOS updates, and again after updating, using two configurations:

  • Recording only, 25 cameras, ~150 Mb/s
  • Recording and viewing, 10 cameras, ~30 Mb/s

Test Machine Specs

IPVM tested on three separate machines, all with the same hardware configuration, as follows:

  • Operating System: Windows 10 Pro 64-bit (10.0, Build 16299) (16299.rs3_release.170928-1534)
  • BIOS: RYBDWi35.86A.0350.2015.0812.1722 (pre-update)/RYBDWi35.86A.0368.2017.1220.0950 (post-update)
  • Processor: Intel(R) Core(TM) i7-5557U CPU @ 3.10GHz (4 CPUs), ~3.1GHz
  • Memory: 8192MB RAM

Note that these machines are fairly high spec, with relatively new processors (1-2 generations old). Older generation processors and lower spec machines are likely to see a greater impact.

Inside this report, we examine the results achieved across Avigilon, Exacq and Milestone plus our recommendations.

*********** ******* ****** ***** *** ****** ** *** ******* *** video ************ ******* ** ******** *** ******** *** ******* *****. Generally, ******* **** ******* * *********** ******** ** *** *****, though *** ******* **** ****** ********* ** *** ****** *** services ***** ****. **** ***** ** **** *********** *** *** servers ** ** ***** ******** ** *********, ******** ** ******* back *****.

Meltdown / ******* *******

******** ** * **** ** *********** ******** ************ ************ ** access ** ****** ********* ******. ******* ****** ************ ************ ** trick ***** ******** **** ********* ******* ****. *** ********* ******* on *****, ****** ******** *** ******* *** ****, *********** ******* ***** ****** **** *******.

How ** *****

***** *** *** ** ***** ******* ******* ** ********** ***** PowerShell,********* *** ***** ** **** *****.

** **, ** ***** ** ***** **** ** ***** ***************, users **** ******* *** *******:

  • ******* ****** *********: **** ****** ****** **** **** ******** ** regular ******* ******* ** ** ***** *******. **** ***** *** Meltdown *************.
  • **** ******: ** *** *** ******* *************, ***** **** ****** their ****** ****, ******** ** ***** ******** ************.

*******, **** ******* **** *** *** ******** * **** ******. Out ** **** ********* ******** ************* ** ******* (****, ****, HP, *** ***** ****), **** ***** *** ******** * **** update *** *** ********.

Tests *********

**** ******** *** **** ** ****** *** ****** ********* ***** to ******** ******* *** **** *******, *** ***** ***** ********, using *** **************:

  • ********* ****, ** *******, ~*** **/*
  • ********* *** *******, ** *******, ~** **/*

Test ******* *****

**** ****** ** ***** ******** ********, *** **** *** **** hardware *************, ** *******:

  • ********* ******:******* ** *** **-*** (**.*, ***** *****) (*****.***********.******-****)
  • ****:********.***.****.****.****.**** (***-******)/********.***.****.****.****.**** (****-******)
  • *********:*****(*) ****(**) **-***** *** @ *.***** (* ****), ~*.****
  • ******:****** ***

**** **** ***** ******** *** ****** **** ****, **** ********** new ********** (*-* *********** ***). ***** ********** ********** *** ***** spec ******** *** ****** ** *** * ******* ******.

****** **** ******, ** ******* *** ******* ******** ****** ********, Exacq *** ********* **** *** ***************.

[***************]

Test *******

** *** *****, ******** ****** **** ** ***** *** ******* vulnerability *** * *********** ****** ** *** ****, ********** *** load ** ********* ******** ** ** **** **-**%. ****** ** server **** **** ******* **** ** ******** ***** *** **** more ***********, ****** ******** *** **** ** *** ****** ***** systems ***** ******** *** ***** (** ******** ** **-**% ****). Applying *******' ******** ****** ** ***** ******** ***** *** * negligible ******, ********** **** **** **** *%.

****** *******, ** *** ** *** ******* **** ***** *******/******** updates, **** ** ******* ******, **** ******* *****, ******** ** video, ** ***** *** ************ ***** *** ***** **** **********. However, **** **** *** ******* *** **** **** ** **** testing *** ***** ***** **% ***********. ***** **** ****** ********** systems ** ***** **** ******* *** *** ****** ** ***** camera ******/***********.

***************

******* ** *** *********** ****** ** **** ******* ** *** load, ** ******** ********* **** ***** ** ****** **********/****** ****** count ******* ****** ***** ****** *** ******** ***** ** ********. Those ********* ******* ** **-**% **** *** ****** ** ******** to **-***%, **** *** ********* *** ****** **** ******.

***** **** *** ****** *****/********** ******* *** ****** ** *** little *********** ********** ****** **** ******* ******* ** *** ****** machine.

Intel ***** ******** ******* - ****** *****

******* *** **** ******* **** ****** ****** ****** ** ******* machines (****: **** *** *** ********** ****, *** ** *** be ******** *********). ***** ******** * ********* ** ******* **** that**** *** ***** ******** **** ********** **** ****** **** ******* ******* ****. ******* *********** *** that *** ******* ******* **** **** ******* ******* *********** *******, and ***** ** ************ ******** ** ******** ** **** **** the ******* ******* ** *** **** **** ** *********** *******.

Biggest ******: **** ******

** ***** ** ***** ****** *** ******** *** ******* ***************, users **** ***** **** ******* ******* *** **** *******. ** these ***, *** **** ****** *** * *********** ****** ** CPU ****, ***** ******* ******* *** ******* ******, **** ***** 1% ** *** ***** ******, **** ********* *** *******.

Significant ****** ** **** ********** ****

** *** ***** ** ** ****** *******, ~*** **/* ***** throughput, ****** ******* *** **** ********* ************* ***** ******** *** BIOS ** **** *******, **** *********** ************ ********** ** ~*% and ********* ******** ********* ** ~**%.

**** **** ** ******** ** ****** ** *********** ** ****** VMS ****** ******* (******* ******, **** *******, ********/******* *****, ***.), but ***** **** ****** ********** *** *** ****** ** **** jumps ***** ********.

Low ********** ********* *******

******* **** ** ******* ** ***** ** **/* *****, ****** load *** ***** ********* **** *****, *** *************** ****** **** 24 ****** *******, **** ***** ********** ** *% **** (* 50% ********) *** ********* ** *% (* ~**% ********). *******, Avigilon ******* ****** ****** *************, **** ~*% ** *%, *** as **** ****** ********** *******, ***** ********* *** *** ****** in ********** *********** ******.

Live **** ******* *** ******

*** **** ********* *** ***** ******* ***** ***** ******* **** far **** ***********, **** ******** *** ***** ********** ** **-**% when **** ******* ** ******* **** *** ******* ** *** recording ******. ********* ********* ** ***** *** **** *** **** percentage, *** * *************** ******* ******.

Test ********* ****** ********

***** ** *** ******* ***** ** *****'* **** ******* **** would ******* ***** ** **** ********* ****** ******** ******* ** production ********. ***** *** ****** ***** **** ** * ***-********** environment *** **** ** **** *** *** ******* **** ******* to ******** **** ** ************* *******.

Manufacturer ********

**** *** **** ** ************* **** *** ************* ********* *********** impacts **** *******. ** ***, ************* **** ********* **** *** still ** *** ******* ** *********** ******* *********** ******, *** recommended ********** *** ******** *******.

Comments (21)

John Honovich

IPVM | 01/23/18 05:48pm

**** ** *** **, ** ***** *** ******* / *****, you ******* *** **** * *********** ******* ** **** ***? Replace *** ***? ******* *** ******? **** *** ***'* ********* options?

Thumbnail brk1

Brian Karas

IPVM | In reply to John Honovich | 01/23/18 05:55pm

** ** **** ** *** **** ******* **** ***** ******** so ***. ** **** *****, *** *** ** **** ** upgrade ** * ****** *********. *********, ********* ** ****** *** (if ********) *** **** ****.

***** *** ************* *** ***** **** ***** ******** ** ****, I ***** ***** *********** ** ********* **********, ** *******, ** much ** ********. ** ***** **** *** **** ****** ******** are *** **** ********* ******** *** ***** ********, ** *** would ****** **** ** ***** * ****** ***** ** **** CPU ** ****** *** ****** ************ **** **** *** ** processor ***********.

****, **** *** *** **** ********* ** ***, *** ** the ****** ** ********** ******** ************ (*.*.: *** ****** *** also ****** ******* ******, ***.), ** *** ** ****-********* ** off-load **** ************ ** ***** ******** ** **** ** *** for *** **** ***.

Undisclosed Manufacturer #4

In reply to John Honovich | 01/26/18 04:33pm

**** ********* **** ** *** **** *** ****** ** *** one ** **** ****** ***** ** * ****** ******* ** increase ********** *****. ********* ************* **** ******** *** ***'* *** uses *** *** ******** *****. *** *** *** **, ****

**** ********* **** **, *** **** *** ****** ** **** one ** **** ****** ***** **** **** ********* ******* ** offload *** ************* *****. **** ** *** *** *** **** mid-summer ** * *** ** * *** *** ***** ******** now, *** ** ***** ** ** * **** *** ********** low-cost ****** **** ** ****.

Thumbnail tompic

Tom Sharples

01/23/18 06:13pm

*** *** ***** ******** **** ** ***** ** * ****** environment **** ** * *** ******? ** *** ** ***** to ** ***** *** ** **** *** *** ** ****** random ****, ** ** * ******* *********?

Undisclosed Integrator #2

In reply to Tom Sharples | 01/24/18 01:38pm

************* **** *** **********'* ***** ** ****, ******** ******** *** not ** ****** ************ *******.

** *********** *** ******* ******* ******* ******** ******** ** ***** segments ** *** *******, *** ********* *** **** *** **** to *** ******** ** **** ****** *** ****** **********, ****** monitoring ** ********** ****** *****.

Undisclosed Integrator #1

01/23/18 07:07pm

****** ** ****** **** **** ******* **** ** ******** ***** was **** **** ***********, ********** *** **** ** **-**% ** low ****** ***** ******* ***** ******** *** *****

******* ** *** ******* ************* *** ** * ************* **** right? *'* ****** **** ** ***** ** **** ** **'** at **% **** ** ** ******* ** **%-**%.

Thumbnail profile pic

Ethan Ace

IPVM | In reply to Undisclosed Integrator #1 | 01/23/18 10:19pm

***, ****'* *******. *'** **** **** ** **'* **** *****.

Thumbnail 20180219 112642

Rob Kilpatrick

IPVM | IPVMU Certified | In reply to Undisclosed Integrator #1 | 01/23/18 10:28pm

***, *** **** ******* ** *********.

*** *******, *** ***** ****** ** *** *** ********** **** increased ** *% *** *****, ***** **** *% ***-***** ** 12% **** *****, **** *** * **% ********.

Bob Schenck

IPVMU Certified | 01/24/18 04:18am

*** ******* ***** *** **** **** ******* ** ***** ******** code **** ** ******* * ****** *******. ****, **, *** Lenovo **** *** ******* *** ****** **** ******* **** ***** downloads *** *** ************ ****** *** ********* **** ** **** back. ** *** ******** ******* **** ****, *** ****** ** back *** ***** ** ** **** *** ****'* ******* * version **** *** **** *********.

**** *** ** ***** *****’* ******* ***** **** ****** ****

Michael Miller

01/24/18 02:39pm

“** ********* **** ****, ***** ******* *********, ****** *************, ******** vendors *** *** ***** **** ********** ** ******* ********, ** they *** ********* ****** **** ******** ******* *** ***** ************* system ********,” ** *****.

*****://***.**********.***/*****-*******-*********-**-****-**********-***************-******/*******/******/

Thumbnail ack head zy

Alex Knapik

Milestone Systems | 01/24/18 11:11pm

****** **** * ******* *********** **********, *** ******* **** **** Milestone ***** ****** ******** ************ *******? ** ***** ***** ** reason *** ***** *** ****** ***** ** **** **** **** if **** ***** ***** **** ** ****** *** ******...

Undisclosed Integrator #1

In reply to Alex Knapik | 01/24/18 11:17pm

****, ***** *** *** **** *********, **** **** **** ******** testing ****?

Thumbnail me

Campbell Chang

01/25/18 01:25am

***'* ******* *** *** ***** ** *** ***** ******* *** retest ****?

***** *** **** * ***** *** ********** ******** **** ******** affects ******** ******* *** ***** ******** ********** ** ****. ** I'd ** ***** ******* ** **** *** *** **** *** Meltdown ***** ******* *** ***** ** *******.

Undisclosed Manufacturer #3

01/25/18 11:17am

** *** ********* ********** **** ********* *** ********** **** ********* whether ** *** ** ******** ******** *** **** *******.

*** ****** *** **** ** **** ** **** *** ********* to **** * ******. **** ** *** ********* **** ********** disconnected ******** *** **** *** **** **** ******* **** **** can ** ********* ** ***** ********, **** *** ********.

** ** **** ** **** ** **** ** *** ********* security ******* ** **** ** *** ****** ******* *** ********* actions.

**** ***** **** ******* ** *** ******, **** ** *** customers **** **** ** ** ********* *** **** ********* ******** if ***** ** ** *** ****** *** **** *******.

Tim Cook

IPVMU Certified | 01/25/18 02:25pm

**** **** *************, *** ** ****** ********* ***** ** *********/***'* with ***** ***** ** **** *******/***** *******?

*** ***** *** ******** ************* ** ***** **** *******?

Thumbnail brk1

Brian Karas

IPVM | In reply to Tim Cook | 01/25/18 02:36pm

***** *** ********* ***************, ** **** *** ****** *** ** really.

***** *** ********* ** ********, ******** ******** *** **** * *** ******** ** ***** ** this.

Undisclosed Integrator #1

In reply to Brian Karas | 01/26/18 02:34am

*****,

**** **** * **** **** ******* ** ******* * **** smaller *** ** *** ***** *** ******** ** ****. **** this **** *** ********* ****** ** ******** ****/**** ** **** their ******** ****** ******* ****?

Thumbnail brk1

Brian Karas

IPVM | In reply to Undisclosed Integrator #1 | 01/25/18 09:40pm

***, **** *** ***** *** ******** ****. ******** ********* ** the **** **** ** *** ***** *** ** **** ******** software/apps/etc., *** ******* ********** ******** ** ******** ******** ****** *** less ****** ** ** ********. * ****** ** ****** ***** that *** ** *** **** ****** **** ******, ***, ***, open ***** ** ******** ***** ****** * ****** ******** ** the ******.

********* ******** **** ** **** ********* ******** ***** ******** ** the ****** **** ** ******** ** ******** ***** ***************. (**** it *** *** *********** **** ** ** *********, ** ***** have **** **** *******-***** ***'*). **** **** ******** **** *** do *** **** * *** ** **** ****** ******** ** even ******* * *******, ** **** *** ***** **** **-***** systems ** **** ******.

**** **** ** **** *** ***** ** ***** ** ******* knowledge ** *** *************** *** ********. ** **** ******* ***** these *************** ********* ***** *****-*** ******* ***** ***** ** *** exploits ******* **** *** ******** **** ** ******* ****.

bashis mcw

01/29/18 07:44pm

** ** ******* *** *************, **** ** * *** *****... sure **'* ******* ***, **** *** **** ******* ** ********* executing ** **** ****.

Thumbnail me

Campbell Chang

In reply to bashis mcw | 02/01/18 05:01am

*** ******* ***** *** ** **** ** *** *** *** itself *** *** ********* *********** ** *** **** **** ***.

** ****** ****, ******* *** ******** * ******** ** **% performance */* ********* *****. **** ** ***** *** **** ***** with ******** *** ******* ****.

Boris Biryuchkov

02/01/18 04:24am

* ***** ** ********* ** ******.

******** **** ** *** (*********) *****'* **** ********/******* *** ********* on *** ***** ******* (****** **** ****** ** *** ****).

***** ** **** **** ******** (********.***.****.****.****.****) *** ****** *****.

*** **** **** **** ****** ***** ** ********://**************.*****.***/*****/***/********************.***

** ***** ********* *** **** ***** (*********)

*****://**************.*****.***/*******/*****/*****-***-***-*********

*** ****** **** ****** ** ***** ********* ****.

***** **** ***** ***** **** *** **** ******* ** ***** is *** **** ****** **** *** *******.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports on VMS

Hikvision PanoVu Mini Tested (Multi-imager + PTZ For ~$500) on Aug 07, 2018
Hikvision has released their first PanoVu Mini multi imager, the PanoVu DS-2PT3326IZ-DE3, with four 1080p imagers, including a PTZ and integrated...
Bluebox Video UK Startup Profile on Aug 06, 2018
One UK startup, Bluebox Video has designed, developed and is manufacturing their own streaming video wall appliances. To the right is a picture of...
Zenitel/ Stentofon Turbine IP Intercom Tested on Aug 06, 2018
IPVM has published reports testing an Axis door station and a Hikvision door station (tested). However, those companies are new entrants to this...
Panasonic 9MP Panoramic Fisheye Tested (WV-X4571L) on Aug 02, 2018
Panasonic has released their latest fisheye camera, the WV-X4571L, with 12MP sensor and 9MP resolution, claiming "extreme image quality" under...
Genetec Self-Discloses Critical Vulnerability on Jul 31, 2018
In an unprecedented move for the video surveillance industry, Genetec has self-disclosed a critical software vulnerability across Security Center...
Milestone / Canon Spinout Arcules Cloud Launch on Jul 30, 2018
Canon and Milestone's VSaaS Startup spinoff Arcules launched their platform at Google Cloud Next. IPVM spoke with CEO Andreas Pettersson about the...
IP Camera Analytics Shootout - Avigilon, Axis, Bosch, Dahua, Hanwha, Hikvision on Jul 30, 2018
Video analytics are hot again. But whose analytics really work? IPVM bought and tested Avigilon, Axis, Bosch, Dahua, Hanwha and Hikvision cameras,...
Eagle Eye Networks Cloud VMS Tested on Jul 26, 2018
Eagle Eye has become one of the most significant players in the industry in the past few years: Eagle Eye's Owner Acquired Brivo Eagle Eye...
Uniview Super Low Cost 4MP Tested on Jul 25, 2018
Even lower cost than Dahua and Hikvision, China's self-proclaimed 3rd place company, Uniview / UNV, is offering aggressive pricing including for...
Axis Adds LPR - License Plate Verifier Examined on Jul 24, 2018
Axis is finally releasing their own License Plate Recognition software application called License Place Verifier, but it has some significant...

Most Recent Industry Reports

Cut Milestone Licensing Costs 80% By Using Hikvision and Dahua NVRs (Tested) on Aug 13, 2018
Enterprise VMS licensing can be quite expensive, with $200 or more per channel common, meaning a 100 camera system can cost $20,000 in VMS...
Nortek Sues SDS, Battle Over Unpaid Bill and Cancelled Lines on Aug 13, 2018
Nortek and SDS legal battle continues. As IPVM reported, SDS sued Nortek alleging bribery and antitrust violation. However, Wave fired back at SDS,...
Uniview Intrusion Analytics and VMD Tested on Aug 13, 2018
IPVM's IP Camera Analytics Shootout featuring Avigilon, Axis, Bosch, Dahua, Hanwha, Hikvision created some ill will with a Uniview distributor who...
ADT Employees Protest ADT CEO on Aug 10, 2018
So many ADT employees were so upset with ADT's CEO speech reported on by IPVM, that ADT's CEO was forced to send a mass email to employees to...
Axis / Avigilon Legal Battle Rises on Aug 09, 2018
In what is shaping up to be high-powered, will-not-back-down battle, Axis and Avigilon are squaring off in multiple legal contests. In 2017, IPVM...
Camera Focusing Tutorial on Aug 09, 2018
A camera's focus is fundamental to quality imaging. Mistakes can cause important problems. In this guide, we explain focus issues and proper...
Dahua Ban Response: NOT Chinese Government Owned on Aug 08, 2018
Dahua has responded to the US Congress passing a US government ban on Dahua and Hikvision's products. While Dahua offered the now standard...
Bad Move: ADT Markets Rival Amazon on Aug 08, 2018
Amazon may be lining up ADT as its next victim but ADT is happy to promote Amazon. Amazon has made major moves recently, including acquiring...
Hikvision PanoVu Mini Tested (Multi-imager + PTZ For ~$500) on Aug 07, 2018
Hikvision has released their first PanoVu Mini multi imager, the PanoVu DS-2PT3326IZ-DE3, with four 1080p imagers, including a PTZ and integrated...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact