This topic lists the possible causes of vulnerability fix failures in Security Center and provides solutions.

Overview

Many issues may lead to vulnerability fix failures, for example, server environment issues, incompatibility between the server and the patch file, and poor network connections. This topic may not cover all the possible causes. If the cause of a vulnerability fix failure is not mentioned in this topic, we recommend that you search the Internet for more information about the specific vulnerability.

Possible causes that lead to fix failures of Windows and Linux software vulnerabilities

If the system prompts that the fix failed when you fix a Windows or Linux software vulnerability in the Security Center console, perform the following steps:

We recommend that you fix software vulnerabilities on your servers at the earliest opportunity. For more information, see Fix software vulnerabilities.

  1. Check the available space of the disk on your server. If the disk does not have sufficient space, Security Center cannot download patch files that are required to fix the vulnerability.

    In this case, increase the disk space or delete unnecessary files on your server. After you make sure that the disk has sufficient space, fix the vulnerability.

  2. View other possible causes based on the operating system that your server runs:
    • Windows
      1. No available patch package

        The correct patch package is not downloaded. After you download the correct patch package, fix the vulnerability.

      2. Incompatible patch package

        Check whether the patch package is compatible with the operating system that your server runs. If the patch package is incompatible, you can log on to the Security Center console and ignore the vulnerability on the Vulnerabilities page.

      3. Another patch being installed

        You cannot install two patches at the same time. We recommend that you fix the vulnerability after the current installation is complete.

      4. Other settings
        1. Check whether the Cryptographic Services of the Windows Update service is running as expected.
        2. Check whether you have the permissions to read and run the files under the C:\Windows directory.
        3. Check whether the Windows Update service is running as expected.
        4. Reset Windows Update components. For more information, see Windows Update - additional resources.
    • Linux

      Check whether the system update source is correctly configured.

      For more information about Linux software vulnerabilities, see FAQ.

  3. Check whether the Security Center agent is connected to Alibaba Cloud. If the Security Center agent is not connected to Alibaba Cloud, fix failures occur. If the Security Center agent is not connected to Alibaba Cloud, we recommend that you troubleshoot the causes. For more information, see Troubleshoot why the Security Center agent is offline.

Possible causes that lead to fix failures of web-CMS vulnerabilities

If the system prompts that the fix failed when you fix a web-CMS vulnerability in the Security Center console, perform the following steps:

  1. Check whether security software, such as SafeDog, is installed on your server and whether you have performed directory optimization or modified relevant settings. If you have performed directory optimization, the system account may not have permissions to write the files under the www directory and its sub-directories.

    Make sure that the system account of your server has the read and write permissions on the files under the www directory and its sub-directories. If the system account does not have the read and write permissions, grant the system account the permissions.

  2. Check whether the file related to the vulnerability is manually modified, or whether you have manually installed the official patch for the vulnerability. If the file is manually modified, the MD5 hash value of the file may have changed. In this case, Security Center will not modify the file to prevent modifying your file by mistake. Therefore, Security Center fails to fix the vulnerability.

    If you have manually fixed the vulnerability, you can verify the fix in the Security Center console. 24 hours after you verify the fix, if the status of the vulnerability is Fixed, the fix is successful.

  3. If you receive a message indicating that the vulnerability file does not exist, open the file path listed in the vulnerability description and check whether the file is deleted.

    If the vulnerability file has already been deleted, you can ignore the alert.

  4. Check the space of your server disk. If the disk does not have sufficient space, Security Center cannot download patch files that are required to fix the vulnerability.

    In this case, increase the disk space or delete unnecessary files on your server. After you make sure that the disk has sufficient space, fix the vulnerability.

  5. Check whether the Security Center agent is connected to Alibaba Cloud. If the Security Center agent is not connected to Alibaba Cloud, fix failures occur. If the Security Center agent is not connected to Alibaba Cloud, we recommend that you troubleshoot the causes. For more information, see Troubleshoot why the Security Center agent is offline.