Security Center detects high-risk urgent vulnerabilities that are recently exposed on the Internet. You can check whether your assets are affected by these vulnerabilities at the earliest opportunity. This topic describes how to view and handle urgent vulnerabilities.

Background information

The feature of urgent vulnerability detection provides the following benefits:
  • Allows you to specify vulnerability severities before detection.
  • Sorts urgent vulnerabilities by disclosure time.
  • Detects urgent vulnerabilities and shows the detection progress.
  • Generates alerts for urgent vulnerabilities and shows the details of affected assets and alerted vulnerabilities in real time.
  • Shows the priorities to fix urgent vulnerabilities and provides suggestions on vulnerability fixes.
  • Checks whether an urgent vulnerability is fixed.
Note Security Center detects urgent vulnerabilities and provides suggestions on vulnerability fixes. However, it does not allow you to fix the detected urgent vulnerabilities with a few clicks. You must manually fix an urgent vulnerability on the affected servers based on Suggestions in the panel that shows the vulnerability details.

Limits

All editions of Security Center support this feature. For more information about the features that each edition supports, see Features.

Limits

Security Center detects urgent vulnerabilities only on Alibaba Cloud Elastic Compute Service (ECS) instances. Security Center cannot detect urgent vulnerabilities on the servers that are not deployed on Alibaba Cloud or the servers in data centers.

Procedure

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Precaution > Vulnerabilities.
  3. On the Vulnerabilities page, click the Emergency tab.
  4. On the Emergency tab, view both the historical and recent urgent vulnerabilities. Check whether your assets are affected by these vulnerabilities.
    You can perform the following operations:
    • Detect vulnerabilities
      Security Center allows you to detect urgent vulnerabilities by using the following methods:
      • Detect all vulnerabilities with a few clicks

        Click Scan now below Latest System Vul Time. In the Scan for Vulnerabilities dialog box, select Emergency and click OK. Then, Security Center scans all your servers to detect urgent vulnerabilities. For more information, see Use the quick scan feature.

      • Immediately detect a single vulnerability

        In the vulnerability list, find the vulnerability that you want to detect and click Check Now in the Actions column. After you click Check Now, the detection progress is updated in real time.

      • Perform periodic detection (Periodic detection is supported only by the Advanced, Enterprise, and Ultimate editions.)
        In the Settings panel, configure Emergency vul(s) Scan Cycle. By default, the detection period for urgent vulnerabilities is 00:00:00 to 07:00:00. You can set Emergency vul(s) Scan Cycle to 3 Days, One week, Two weeks, or Stop. For more information, see Configure vulnerability settings.
        Note If your servers are deployed in a private network or urgent vulnerability detection is not required, you can set Emergency vul(s) Scan Cycle to Stop. However, your servers may be attacked in various ways. We recommend that you set Emergency vul(s) Scan Cycle to a value other than Stop. This way, Security Center detects urgent vulnerabilities on your servers in a timely manner.
      If a vulnerability is detected, the number of affected assets is displayed and highlighted in red in the Risks column of the vulnerability. You can click the name of the vulnerability to go to the panel that displays the vulnerability details. In the panel, you can view the vulnerability details and handle the vulnerability.
      Note A vulnerability for which you never perform a scan task is displayed as Uninspected in the Risks column. If you never perform quick scan tasks or click Check Now in the Actions column, all urgent vulnerabilities are displayed as Uninspected in the Risks column. Security Center discloses high-risk urgent vulnerabilities that are exposed on the Internet but does not automatically detect these vulnerabilities. We recommend that you regularly check the urgent vulnerability list and specify the period for automatic detection or manually scan for urgent vulnerabilities.
    • Search for vulnerabilities

      On the Emergency tab, you can search for vulnerabilities by detection mode, risk status, or vulnerability name. The detection mode can be Version or Network Scan. The risk status can be Risk or No risk.

      The following list describes the detection modes:
      • Version: Security Center collects information about software versions to detect and analyze vulnerabilities on your assets in a private network.
      • Network Scan: Security Center uses web scanners to detect vulnerabilities on your assets in the Internet. No manual configurations are required.
    • Export vulnerabilities
      On the Emergency tab, you can click the Export icon icon to export and save all urgent vulnerabilities that are detected on your assets to your computer.
      Notice If no urgent vulnerabilities are detected on your assets, the export icon is dimmed.
    • View the vulnerability status of affected assets
      Category Status Description
      Handled Handled The vulnerability is fixed.
      Fix failed Security Center failed to fix the vulnerability. The file that contains the vulnerability may have been modified or does not exist.
      Ignored The vulnerability is ignored. Security Center no longer generates alerts for this vulnerability.
      Invalid The vulnerability has not been detected in the last seven days.
      Unhandled Unfixed The vulnerability is not fixed.
      Verifying After you manually fix a vulnerability, you can click Verify in the Actions column to check whether the vulnerability is fixed. After you click Verify, the status of the vulnerability changes to Verifying from Unfixed.
    • View the priorities to fix urgent vulnerabilities

      Priorities to fix vulnerabilities are classified into high, medium, and low based on vulnerability severities, time when vulnerabilities are detected, and server status.

      Note We recommend that you fix vulnerabilities that have the High priority at the earliest opportunity.
    • Handle urgent vulnerabilities

      Security Center detects urgent vulnerabilities and provides suggestions on vulnerability fixes. However, it does not allow you to fix the detected urgent vulnerabilities with a few clicks. You must manually fix an urgent vulnerability on the affected servers based on Suggestions in the panel that shows the vulnerability details.

      You can perform the following operations:

      • View Suggestions in the panel that displays the vulnerability details and manually fix the vulnerability on the affected servers.
      • Verify: Check whether the vulnerability is fixed.
      • Ignore: Ignore the vulnerability. Security Center no longer generates alerts for the vulnerability.
        Note The state of this vulnerability changes to Ignored. If you want Security Center to generate alerts on an ignored vulnerability, find the vulnerability in the Handled vulnerability list and click Unignore in the panel.
    • Handle the vulnerabilities detected by Cloud Firewall

      Security Center uses the Cloud firewall Supports Virtual patches tag to indicate a vulnerability detected by Cloud Firewall. You can click the tag or Protection in the Actions column to go to the Cloud Firewall console to fix the vulnerability. For more information, see Vulnerability protection.

References

Why are the results different when Security Center scans multiple times for fastjson urgent vulnerabilities?

How often does Security Center detect vulnerabilities?

What are the differences between baselines and vulnerabilities?

What do I do if I cannot enable the vulnerability detection feature for a server on the Assets page?