Security Center allows you to detect high-risk urgent vulnerabilities that are recently exposed on the Internet. You can check whether your assets are affected by these vulnerabilities in a timely manner. This topic describes how to view and handle urgent vulnerabilities.

Background information

The urgent vulnerability detection feature provides the following benefits:
  • Allows you to specify vulnerability severities before detection.
  • Supports the sorting of vulnerabilities by disclosure time.
  • Detects specific urgent vulnerabilities and displays the detection progress in real time.
  • Supports urgent vulnerability alerts and displays the details of affected assets and vulnerabilities.
  • Displays the vulnerability priorities and provides suggestions on vulnerability fixes.
  • Checks whether a vulnerability has been fixed.
Note
  • Urgent vulnerabilities can be detected only by manual operations.
  • All Security Center editions support the urgent vulnerability detection feature.
  • Security Center only provides the urgent vulnerability detection feature and suggestions on vulnerability fixes. It cannot automatically fix the detected urgent vulnerabilities. You must manually fix urgent vulnerabilities on the affected servers by following Suggestions in the panel that shows the details about the vulnerabilities.

Limits

All editions of Security Center support this feature. For more information about the features that each edition supports, see Feature.

Supported server types

The urgent vulnerability detection feature supports only Alibaba Cloud Elastic Compute Service (ECS) instances. Servers that are not deployed on Alibaba Cloud or servers in data centers are not supported.

Procedure

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Precaution > Vulnerabilities.
  3. On the Vulnerabilities page, click the Emergency tab.
  4. On the Emergency tab, view both the historical and recent urgent vulnerabilities. You can also check whether your assets are affected by these vulnerabilities.
    You can perform the following operations:
    • Detect vulnerabilities

      In the vulnerability list, find the vulnerability that you want to detect and click Check Now in the Actions column.

      Alternatively, click Scan now below Latest System Vul Time. In the One-click detection dialog box, select the required types for Vul and click OK. Then, Security Center scans all your servers to detect urgent vulnerabilities. For more information about how to perform quick scan tasks, see Quick scan.

      If vulnerabilities are detected, the number of affected assets is displayed in the Risks column and highlighted in red. You can click the name of a vulnerability to go to the panel that displays the vulnerability details. In the panel, you can view the vulnerability details and handle the vulnerability.
      Note: Vulnerabilities that have never been detected before are displayed as Uninspected in the Risks column. Periodic detection is not supported. You must manually detect urgent vulnerabilities each time. If you never perform quick scan tasks or click Check Now in the Actions column, all urgent vulnerabilities are displayed as Uninspected in the Risks column. Security Center discloses high-risk urgent vulnerabilities that are exposed on the Internet but cannot automatically detect these vulnerabilities. We recommend that you regularly check the urgent vulnerability list and manually detect urgent vulnerabilities.

      After you click Check Now, the detection progress is displayed in real time.

    • Search for vulnerabilities

      On the Emergency tab, you can search for vulnerabilities by detection mode, risk status, or vulnerability name. The detection mode can be software version detection or web scanner. The risk status can be risk or no risk.

      The following list describes the two detection modes:
      • Version: Security Center collects software versions to detect and analyze vulnerabilities.
      • Network Scan: Security Center uses web scanners to detect vulnerabilities on your assets. No manual configuration is required.
    • Export vulnerabilities
      On the Emergency tab, you can click the Export icon to export and save all urgent vulnerabilities that contain risks to your computer.
      Notice: If urgent vulnerabilities that do not contain risks are detected on your assets, you cannot export and save these vulnerabilities to your computer.
    • View the vulnerability status of affected assets
      | Category | Status | Description |
      |----------|--------|-------------|
      | Handled | Handled | The vulnerability is fixed. |
      | Handled | Fix failed | Security Center failed to fix the vulnerability. The file that contains the vulnerability may have been modified or deleted. |
      | Handled | Ignored | The vulnerability is ignored. Security Center no longer generates alerts on this vulnerability. |
      | Handled | Invalid | The vulnerability has not been detected in the last seven days. |
      | Unhandled | Unfixed | The vulnerability is not fixed. |
    • View the priorities of urgent vulnerabilities

      Priorities of vulnerabilities are classified into high, medium, and low based on a comprehensive analysis of factors, such as vulnerability severities, time when vulnerabilities are detected, and actual server environment.

      Note: We recommend that you fix vulnerabilities that have the High priority at the earliest opportunity.
    • Handle urgent vulnerabilities

      Security Center only provides the urgent vulnerability detection feature and suggestions on vulnerability fixes. It cannot automatically fix the detected urgent vulnerabilities. You must manually fix urgent vulnerabilities on the affected servers by following Suggestions in the panel that shows the details about the vulnerabilities.

      You can perform the following operations:

      • View Suggestions in the panel that displays the vulnerability details and manually fix the vulnerability on the affected servers.
      • Verify: Check whether the vulnerability is fixed.
      • Ignore: Ignore the vulnerability. Security Center no longer generates alerts on the vulnerability.
        Note: The status of this vulnerability changes to Ignored. If you want Security Center to generate alerts on an ignored vulnerability, click the vulnerability in the Handled vulnerability list and click Unignore on the Detail tab.
