Security Center supports detecting high-risk emergency vulnerabilities that have been exposed on the Internet recently. You can check whether your assets are affected by these vulnerabilities in a timely manner. This topic describes how to view and handle emergency vulnerabilities.

Background information

The emergency vulnerability detection feature provides the following benefits:
  • You can enable or disable emergency vulnerability detection and set the check interval as needed.
  • You can customize the severity of the vulnerabilities that need to be detected.
  • You can sort the vulnerabilities by disclosure time.
  • Security Center detects emergency vulnerabilities and displays the detection progress in real time.
  • Security Center generates alerts for emergency vulnerabilities and displays the details of the affected assets and vulnerabilities.
  • Security Center displays the vulnerability priorities and provides fix suggestions.
  • You can check whether a vulnerability has been fixed after you perform a fix operation.
Note: Emergency vulnerability detection is supported by all editions of Security Center.

Limits

The emergency vulnerability detection feature supports only Alibaba Cloud Elastic Compute Service (ECS) instances. External servers or instances in on-premises data centers are not supported.

Procedure

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Precaution > Vulnerabilities.
  3. On the Vulnerabilities page, click the Emergency tab.
  4. On the Emergency tab, you can view the latest emergency vulnerabilities and the records of all emergency vulnerabilities. You can also check whether your assets are affected by these vulnerabilities.
    You can perform the following operations:
    • Detect vulnerabilities

      Find the target vulnerability in the vulnerability list and click Check Now in the Actions column to check for emergency vulnerabilities on your assets.

      If a risk is detected, the number of affected assets is displayed and highlighted in red in the Risks column. You can click the name of the target vulnerability to go to the details page. You can view the details and manage the vulnerability on the details page.
      Note: Vulnerabilities that have never been detected are displayed as Uninspected in the Risks column.
      The detection progress is displayed in real time after you start a detection.
    • Filter vulnerabilities
      On the Emergency tab, you can filter vulnerabilities by risk status (Risk or No risk) or vulnerability name.
    • View detailed vulnerability states of affected assets
      | Status    | State      | Description |
      |-----------|------------|-------------|
      | Handled   | Handled    | The vulnerability has been fixed. |
      | Handled   | Fix failed | Security Center failed to fix the vulnerability. The vulnerability file may have been modified or removed. |
      | Handled   | Ignored    | The vulnerability has been ignored. Security Center no longer generates alerts when this vulnerability is detected. |
      | Handled   | Invalid    | The vulnerability has not been detected in the last seven days. |
      | Unhandled | Unfixed    | The vulnerability is not fixed. |
    • View the priorities of emergency vulnerabilities

      Priorities of vulnerabilities are classified into high, medium, and low based on comprehensive analysis of factors such as the vulnerability level, the time when the vulnerability is detected, and the actual server environment.

      Note: We recommend that you fix High priority vulnerabilities at the earliest opportunity.
    • Manage emergency vulnerabilities
      • You can view Suggestions on the vulnerability details page and manually fix the vulnerabilities in the affected servers.
      • Verify: You can check whether the target vulnerability has been fixed.
      • Ignore: You can ignore the vulnerability. Security Center no longer generates alerts when this vulnerability is detected.
        Note: After you ignore a vulnerability, the status of the vulnerability changes to Ignored. If you want Security Center to generate alerts on an ignored vulnerability, select the vulnerability in the Handled vulnerability list and click Cancel ignore.