Security Center can detect and fix Windows system vulnerabilities. This topic describes how to view and handle Windows system vulnerabilities.

Background information

Security Center synchronizes security updates from the Microsoft official website in real time. This allows Security Center to effectively detect high-risk vulnerabilities and generate alerts. This also prevents attackers from exploiting Windows system vulnerabilities that compromise the security of your servers.

Note The Basic and Anti-virus editions of Security Center only detect vulnerabilities, but do not fix them. To use Security Center to fix vulnerabilities with a few clicks, you must activate the Advanced, Enterprise, or Ultimate edition. For more information about the features supported by different Security Center editions, see Feature.

View the basic information about a vulnerability

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Precaution > Vulnerabilities.
  3. On the Vulnerabilities page, click the Windows System tab.
  4. On the Windows System tab, view and handle all Windows system vulnerabilities that are detected by Security Center.
    You can perform the following operations on the tab:
    • View vulnerability details
    • View vulnerability priorities
      The priorities of vulnerabilities are displayed in different colors in the Affected Assets column. The number in each row of this column indicates the total number of the assets affected by a vulnerability. The following list describes the relationship between colors and priorities:
      • Red: High
      • Orange: Medium
      • Gray: Low
      Note We recommend that you fix vulnerabilities that have the High priority at the earliest opportunity.
    • Add vulnerabilities to the whitelist

      On the Windows System tab, you can select vulnerabilities and click Add to Whitelist to add them to the whitelist. Security Center no longer generates alerts on the vulnerabilities that are added to the whitelist.

      After you add vulnerabilities to the whitelist, these vulnerabilities are removed from the vulnerability list on the Windows System tab. You can click Settings in the upper-right corner of the page to view these vulnerabilities in the Vul Whitelist section.

      If you want Security Center to detect and generate alerts on a vulnerability that is added to the whitelist, select the vulnerability in the Vul Whitelist section in the Settings panel and click Remove.

    • Search for vulnerabilities

      On the Windows System tab, you can search for vulnerabilities by severity level, vulnerability status, asset group, virtual private cloud (VPC) name, or vulnerability name. The severity level can be high, medium, or low. The vulnerability status can be handled or unhandled.

      Note Fuzzy match is supported for vulnerability search by name.
    • Export vulnerabilities

      On the Windows System tab, you can click the Export icon to export and save all detected Windows system vulnerabilities to your computer. The vulnerabilities are exported to an Excel file.

      Note The time to export the vulnerabilities varies based on the size of vulnerability data.

View vulnerability details and handle vulnerabilities

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Precaution > Vulnerabilities.
  3. On the Vulnerabilities page, click the Windows System tab.
  4. In the Vulnerability column, click the name of the vulnerability that you want to handle, or click Fix in the Actions column of the vulnerability that you want to handle to go to the panel that shows the vulnerability details.
    In the panel, you can view the details about vulnerabilities. You can also view the number of unhandled vulnerabilities and affected assets on the Pending vulnerability tab.
  5. In the panel, view and handle vulnerabilities.
    You can perform the following operations:
    • View vulnerability details

      The panel displays all the affected assets and vulnerabilities associated with the vulnerability. You can analyze and handle multiple vulnerabilities at a time.

      • On the Detail tab, you can view the brief introduction to the vulnerabilities associated with the vulnerability.
      • On the Pending vulnerability tab, you can view the assets that are affected by this vulnerability.

        You can view the assets affected by the vulnerability and the status of the vulnerability. You can fix or ignore a vulnerability. You can also verify a vulnerability fix or add a vulnerability to the whitelist.

    • View vulnerability priorities
      For more information about the priorities of Windows system vulnerabilities, visit the Microsoft official website. Vulnerability priorities are marked in different colors:
      • Red: High. The equivalent severity at the Microsoft official website is Critical or Important.
      • Orange: Medium. The equivalent severity at the Microsoft official website is Moderate.
      • Gray: Low. The equivalent severity at the Microsoft official website is Low.
      Note We recommend that you fix vulnerabilities that have the High priority at the earliest opportunity.
    • View vulnerability status
      • Handled
        • Handled: The vulnerability is fixed.
        • Ignored: The vulnerability is ignored. Security Center no longer generates alerts on this vulnerability.
      • Unhandled
        • Unfixed: The vulnerability is to be fixed.
        • Fixing: The vulnerability is being fixed.
        • Fix Failed: Security Center failed to fix the vulnerability. The file that contains the vulnerability data may have been modified or does not exist.
        • Verifying: After you start the verification, the state of the vulnerability changes to Verifying.
    • Manage affected assets

      You can fix or ignore a vulnerability. You can also verify a vulnerability fix or add a vulnerability to the whitelist.

      You can perform the following operations:

      • Fix vulnerabilities
        Fix vulnerabilities based on the following scenarios:
        • The Fix button is available

          Select one or more associated vulnerabilities and click Fix. Security Center automatically creates snapshots and fixes vulnerabilities. You can select Create snapshots automatically and fix or Skip snapshot backup and fix directly based on your requirements.

          Note
          • The system may fail to fix a vulnerability. We recommend that you select Create snapshots automatically and fix to create a snapshot of the system before you click Fix Now. For more information about snapshots, see Snapshot overview.
          • You are charged based on the billing methods of the snapshot service. For example, if the size of the system disk is 40 GB, the fees for snapshot storage are USD 0.005 per day. For more information, see Snapshots.
        • The Fix button is unavailable
          If the disk space of a server is insufficient or the Windows Update service is running, the vulnerabilities fail to be fixed and the Fix button is dimmed. To fix the vulnerabilities, you must handle the issues on the server. To view the server issues and solutions provided by Security Center, move the pointer over the Fix button. You must manually handle the following issues:
          • The Windows Update service is running.

            Solution: Wait for a few minutes and try to fix the vulnerabilities again. Alternatively, terminate the Wusa process on the server and try to fix the vulnerabilities again in the Security Center console.

          • The Windows Update service is disabled.

            Solution: Start Task Manager of the server and enable the Windows Update service. Then, try to fix the vulnerabilities again in the Security Center console.

          • The server disk space is less than 500 MB.

            Solution: Resize or clear the disk. Then, try to fix the vulnerabilities again in the Security Center console.

      • Verify a vulnerability fix

        Select a vulnerability or multiple associated vulnerabilities and click Verify to check whether the vulnerabilities are fixed.

        After you click Verify, the Status of the vulnerability changes to Verifying. It requires several seconds to verify the fix.

      • Add vulnerabilities to the whitelist

        In the upper-right corner of the panel that shows the vulnerability details, click Add to Whitelist to add a vulnerability to the whitelist. After you add the vulnerability to the whitelist, Security Center no longer generates alerts on this vulnerability.

        After you add vulnerabilities to the whitelist, these vulnerabilities are removed from the vulnerability list on the Windows System tab. You can click Settings in the upper-right corner of the page to view these vulnerabilities in the Vul Whitelist section.

        If you want Security Center to detect and generate alerts on a vulnerability that is added to the whitelist, select the vulnerability in the Vul Whitelist section in the Settings panel and click Remove.

      • Ignore a vulnerability

        Find the vulnerability that you want to ignore, click the Ignore a vulnerability or undo a vulnerability fix icon in the Actions column, and then select Ignore. In the dialog box that appears, enter the description for the ignore operation and click OK. After a vulnerability is ignored, Security Center no longer generates alerts on this vulnerability.

        Search for Handled vulnerabilities, find the vulnerability that is ignored, and then click the vulnerability to go to the panel that shows the vulnerability details. In the panel, move the pointer over the Ignore icon in the Status column to view the description of the ignore operation.
        Note The state of this vulnerability changes to Ignored. If you want Security Center to generate alerts on an ignored vulnerability, find the vulnerability in the Handled vulnerability list and click Unignore in the panel.
    • Search for affected assets

      On the Pending vulnerability tab, you can search for affected assets by vulnerability priority, VPC name, asset group, vulnerability status, server IP address, or server name. The vulnerability priority can be high, medium, or low. The vulnerability status can be handled or unhandled.

      Note Fuzzy match is supported to search for affected assets by server IP address or name.
    • Export affected assets
      On the Pending vulnerability tab, click the Export icon above the asset list to export and save all affected assets to your computer. The assets are exported to an Excel file.
      Note The time to export the vulnerabilities varies based on the size of asset data.
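
The following script is an added example, not part of the original topic or of Security Center. It checks a server for the three conditions listed under "The Fix button is unavailable" and only reports them. It assumes that the Windows Update service is the wuauserv service, that the 500 MB limit applies to the system drive, and that PowerShell 5.0 or later is available.

```powershell
# Added example: report the conditions that this topic lists as reasons
# for a dimmed Fix button. Run in an elevated PowerShell session on the server.
# Assumptions (not from the topic): the service is wuauserv, and the 500 MB
# limit is checked against the system drive.

$MinFreeBytes = 500MB
$findings = @()

# Condition: the Windows Update service is disabled.
# StartType is exposed by Get-Service in PowerShell 5.0 and later.
$svc = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
if ($null -eq $svc) {
    $findings += 'Windows Update service (wuauserv) was not found.'
} elseif ($svc.StartType -eq 'Disabled') {
    $findings += 'Windows Update service is disabled. Enable it, then retry the fix.'
}

# Condition: an update installation is in progress (a wusa process exists).
# The script reports the process only; it does not terminate it.
$wusa = Get-Process -Name wusa -ErrorAction SilentlyContinue
if ($wusa) {
    $ids = ($wusa | ForEach-Object { $_.Id }) -join ', '
    $findings += "wusa is running (PID $ids). Wait a few minutes, then retry the fix."
}

# Condition: less than 500 MB of free disk space.
$driveLetter = $env:SystemDrive.TrimEnd(':')
$drive = Get-PSDrive -Name $driveLetter
if ($drive.Free -lt $MinFreeBytes) {
    $freeMB = [math]::Round($drive.Free / 1MB)
    $findings += "Only $freeMB MB free on $env:SystemDrive. Resize or clear the disk."
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the three listed conditions was detected.'
} else {
    $findings | ForEach-Object { Write-Output "BLOCKED: $_" }
}
```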

References

The "0x80240017 104 (Patch Not Applicable)" error is returned when you fix Windows system vulnerabilities. How do I handle the issue?

Scan cycles

What are the differences between baselines and vulnerabilities?

What can I do if I cannot enable the vulnerability detection feature for a server on the Assets page?