Security Center can detect and fix Windows system vulnerabilities. This topic describes how to view and manage Windows system vulnerabilities.

Background information

Synchronized with the security updates released on Microsoft official website, Security Center can effectively detect high-risk vulnerabilities and alert you to potential threats. This prevents attackers from exploiting Windows system vulnerabilities to compromise the security of your server.

Note The Basic edition of Security Center can only detect vulnerabilities. To fix vulnerabilities, you must upgrade to the Advanced or Enterprise edition. For more information, see Features.

View vulnerability details

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Precaution > Vulnerabilities.
  3. On the Vulnerabilities page, click the Windows System tab.
  4. On the Windows System tab, you can view and manage all Windows system vulnerabilities detected by Security Center.
    You can perform the following operations on this tab:
    • View vulnerability detailsView vulnerability details
    • View vulnerability priorities
      The severity of vulnerabilities is displayed in different colors. The severity number represents the priority in which a vulnerability is fixed.
      • Red represents High severity.
      • Orange represents Medium severity.
      • Gray represents Low severity.
      View vulnerability priorities
      Note We recommend that you immediately fix High priority vulnerabilities.
    • Add vulnerabilities to the whitelist

      On the Windows System tab, you can select the target vulnerabilities and click Add to Whitelist to add them to the whitelist. After the target vulnerabilities are added to the whitelist, Security Center no longer generates alerts when they are detected.

      Add vulnerabilities to the whitelist

      On the Windows System tab, you can remove vulnerabilities from the whitelist. After that, you can click Settings in the upper-right corner to view the removed vulnerabilities in the Vul Whitelist list.

      If you want Security Center to detect and generate alerts upon a vulnerability that is already added to the whitelist, select the vulnerability on the Settings page and then click Remove to remove the vulnerability from the whitelist.

      The Settings page
    • Filter vulnerabilities

      On the Windows System tab, you can filter vulnerabilities by vulnerability name, priority (high, medium, or low), or vulnerability status (handled or unhandled).

      Filter vulnerabilities
      Note Fuzzy match of vulnerability names is supported.
    • Export vulnerabilities

      On the Windows System tab, click The Export icon to export and save all detected Windows system vulnerabilities to a local machine. The vulnerabilities are exported to an Excel file.

      Note It may take a long time to export the vulnerabilities, depending on the file size.
      Export vulnerabilities

View vulnerability details and manage vulnerabilities

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Precaution > Vulnerabilities.
  3. On the Vulnerabilities page, click the Windows System tab.
  4. On the Windows System tab, click the name of the target vulnerability in the Vulnerability column to go to the Detail tab. Alternatively, click Fix in the Actions column corresponding to the target vulnerability in the Vulnerability column.
    You can view vulnerability details on the Detail tab.You can also view the number of unhandled vulnerabilities and affected assets on the Pending vulnerability tab.The details page
  5. On the Detail tab, you can view vulnerability details and manage vulnerabilities.
    Perform the following operations as needed:
    • View vulnerability details

      The Detail tab displays all the affected assets and vulnerabilities associated with the vulnerability. You can analyze and manage multiple vulnerabilities simultaneously.

      • On the Detail tab, you can view brief information about all the associated vulnerabilities.
      • Click the Pending vulnerability tab to go to the Affected Assets column on the Detail tab.

        In the Affected Assets column, you can view the assets affected by the vulnerability and vulnerability status. You can also verify, fix, ignore, or add the vulnerability to the whitelist.

      Unhandled vulnerabilities
    • View vulnerability priorities
      Vulnerability priorities are displayed in different colors:
      • Red: This color indicates High priority vulnerabilities.
      • Orange: This color indicates Medium priority vulnerabilities.
      • Gray: This color indicates Low priority vulnerabilities.
      Note We recommend that you immediately fix High priority vulnerabilities.
    • View vulnerability status
      • Handled
        • Fixed: The vulnerability has been fixed.
        • Ignored: The vulnerability is Ignored. Security Center no longer generates alerts upon this vulnerability.
      • Unhandled
        • Unfixed: The vulnerability has not been fixed.
        • Fixing: The vulnerability is being fixed.
        • Fix Failed: Security Center failed to fix the vulnerability. The file of the vulnerability has been modified or does not exist.
        • Handled (To Be Restarted): The vulnerability has been fixed, and a system restart is required for the fix to take effect.
        • Verifying: The vulnerability has been fixed. If the system needs to be restarted, verify the fix after the restart.
    • Manage affected assets

      In the Actions column, you can fix, verify, ignore, or add the vulnerability to the whitelist.

      Manage vulnerabilities
      • Fix vulnerabilities

        You can click Fix in the Actions column to fix one or more related vulnerabilities simultaneously. Security Center can automatically create snapshots and fix vulnerabilities. You can select Create snapshots automatically and fix or Skip snapshot backup and fix directly as needed.

        Fix Windows system vulnerabilities
        Note
        • The system may fail to fix a vulnerability. We recommend that you select Create snapshots automatically and fix to create a snapshot of the system. For more information about snapshots, see Snapshot overview.
        • Snapshots incur fees. Fees are calculated based on the service of the snapshot. For example, if the size of the system disk is 40 GB, the fees are USD 0.005 per day. For more information, see Snapshot billing methods.
      • Verify vulnerabilities

        You can click Verify to verify one or more related vulnerabilities simultaneously.

        After you click Verify, the Status of the vulnerability is changed to Verifying. It takes several seconds to verify a vulnerability.

      • Add vulnerabilities to the whitelist

        In the upper-right corner of the Detail tab, click Add to Whitelist to add the vulnerability to the whitelist. After a vulnerability is added to the whitelist, Security Center no longer generates alerts upon this vulnerability.

        On the Windows System tab, you can remove vulnerabilities from the whitelist. After that, you can click Settings in the upper-right corner to view the removed vulnerabilities in the Vul Whitelist list.

        If you want Security Center to detect and generate alerts upon a vulnerability that is already added to the whitelist, select the vulnerability on the Settings page and then click Remove to remove the vulnerability from the whitelist.

      • Ignore vulnerabilities

        Select the target vulnerability, click Ignore/Undo Fix and then select Ignore. Security Center no longer alerts you of this vulnerability.

        Note After you Ignore a vulnerability, the status of the vulnerability is changed to Ignored. If you want Security Center to alert you of an ignored vulnerability again, select the vulnerability in the Handled vulnerability list and click Cancel ignore.
    • Search for affected assets

      On the Pending Vulnerability tab, you can search for affected assets by vulnerability severity (high, medium, and low), asset group, vulnerability status (handled and unhandled), server IP address, or server name.

      Search for affected assets
      Note Server IP addresses and names support fuzzy match.
    • Export affected assets
      In the upper-right corner of the Pending Vulnerability tab, click the Export icon (Export affected assets) to export assets exposed to a vulnerability to a local computer. The assets are exported to an Excel file.
      Note It may take a long time to export the assets, depending on the file size.
      The Export icon
    • Save filtered vulnerabilities

      In the upper-right corner of the Pending Vulnerability tab, you can click The Save icon to save the filtered vulnerability as a group. This allows you to monitor the group of vulnerabilities.

      Save filtered vulnerabilities

Related topics

The "0x80240017 104 (Patch Not Applicable)" error is returned when you fix Windows vulnerabilities