This topic describes the possible causes of failures in using the Security Center vulnerability management feature to fix vulnerabilities.

Note There are multiple problems that may cause vulnerability fix failures. For example, server environment issues, incompatibility between the server and the patch, and poor network environment. This topic may not cover all the possible causes. If the cause of the vulnerability fix failure on your server is not mentioned in this topic, we recommend that you search online for more information about the specific vulnerability.

Possible causes of Web CMS vulnerability fix failures

If an error occurs while fixing a Web CMS vulnerability by using the vulnerability management feature of Security Center, perform the following operations to locate the cause:

  1. Check whether Safedog or other security software is installed on your server and has been used to adjust directory permissions or change the related settings. After directory permission adjustment, a system account may lose the write permission on the www directory and its sub-directories. This may lead to vulnerability fix failures.

    Make sure that the system account of your server has the read and write permissions on the www directory and its sub-directories. If the system account does not have these permissions, manually grant the permissions.

  2. Check whether the file related to the specified vulnerability has been manually modified, or whether you have manually updated the official patch for this vulnerability. If this file has been modified, the file MD5 may not match when Security Center verifies the file parameters before installing the patch to fix vulnerabilities. To prevent modifying your file by mistake, Security Center does not modify this file and stops the vulnerability fix.

    If you have manually fixed this vulnerability, you can verify the fix in Security Center. If no additional alert on this vulnerability is generated within 24 hours after the verification, the vulnerability fix is successful.

  3. If you receive a message indicating that the vulnerability file does not exist, open the file path listed in the vulnerability description, and check whether the file is deleted.

    If this file has been deleted, you can ignore the alert on this vulnerability.

  4. Check the storage of your server. If the disk on your server has no free space, Security Center cannot upload or download patch files, leading to vulnerability fix failures.

    If the disk has no free space, increase the disk capacity, or remove unnecessary files from your server. Make sure that the disk has sufficient free space, and fix the vulnerability again.

Possible causes of system software vulnerability fix failures

If an error occurs while fixing vulnerabilities in Windows or Linux system software by using the vulnerability management feature of Security Center, perform the following operations to locate the cause:

For more information about fixing vulnerabilities in Windows or Linux system software, see Best practices for fixing system software vulnerabilities.

  1. Check the storage of your server. If the disk on your server has no free space, Security Center cannot download patch files to fix vulnerabilities.

    If the disk has no free space, increase the disk capacity, or remove unnecessary files from your server. Make sure that the disk has sufficient free space, and fix the vulnerability again.

  2. Check for other causes based on the OS of your server:
    • Windows servers
      1. No patch package is available.

        The patch package has not been downloaded to your server. You can try fixing the vulnerability again.

      2. The patch package is incompatible with the server OS.

        If you have confirmed that the patch package is incompatible with the server OS, you can ignore this vulnerability on the vulnerability management page.

      3. Another patch is being installed.

        You cannot install two patches simultaneously. We recommend that you do not fix this vulnerability until the ongoing patch installation is complete.

      4. Other settings.
        1. Check whether the Windows cryptographic services are running.
        2. Check whether the Users role has the read and execute permissions on the C:\Windows directory.
        3. Check whether Windows Update runs properly.
        4. Reset the Windows Update components. For more information, see Windows Update - additional resources.
    • Linux servers

      For more information about troubleshooting failures of fixing Linux software vulnerabilities, see Vulnerability scan FAQ.