Security Center detects high-risk urgent vulnerabilities that are recently exposed
on the Internet. You can check whether your assets are affected by these vulnerabilities
at the earliest opportunity. This topic describes how to view and handle urgent vulnerabilities.
Background information
The feature of urgent vulnerability detection provides the following benefits:
- Allows you to specify vulnerability severities before detection.
- Sorts urgent vulnerabilities by disclosure time.
- Detects urgent vulnerabilities and shows the detection progress.
- Generates alerts for urgent vulnerabilities and shows the details of affected assets
and alerted vulnerabilities in real time.
- Shows the priorities to fix urgent vulnerabilities and provides suggestions on vulnerability
fixes.
- Checks whether an urgent vulnerability is fixed.
Note Security Center detects urgent vulnerabilities and provides suggestions on vulnerability
fixes. However, it does not allow you to fix the detected urgent vulnerabilities with
a few clicks. You must manually fix an urgent vulnerability on the affected servers based on Suggestions in the panel that shows the vulnerability details.
Limits
All editions of Security Center support this feature. For more information about the
features that each edition supports, see Features.
Limits
Security Center detects urgent vulnerabilities only on Alibaba Cloud Elastic Compute
Service (ECS) instances. Security Center cannot detect urgent vulnerabilities on the
servers that are not deployed on Alibaba Cloud or the servers in data centers.
Procedure
- Log on to the Security Center console.
- In the left-side navigation pane, choose .
- On the Vulnerabilities page, click the Emergency tab.
- On the Emergency tab, view both the historical and recent urgent vulnerabilities. Check whether your
assets are affected by these vulnerabilities.
You can perform the following operations:
- Detect vulnerabilities
Security Center allows you to detect urgent vulnerabilities by using the following
methods:
- Detect all vulnerabilities with a few clicks
Click Scan now below Latest System Vul Time. In the Scan for Vulnerabilities dialog box, select Emergency and click OK. Then, Security Center scans all your servers to detect urgent vulnerabilities. For
more information, see Use the quick scan feature.
- Immediately detect a single vulnerability
In the vulnerability list, find the vulnerability that you want to detect and click
Check Now in the Actions column. After you click Check Now, the detection progress is updated
in real time.
- Perform periodic detection (Periodic detection is supported only by the Advanced, Enterprise, and Ultimate editions.)
In the
Settings panel, configure Emergency vul(s) Scan Cycle. By default, the detection period for
urgent vulnerabilities is
00:00:00 to
07:00:00. You can set Emergency vul(s) Scan Cycle to 3 Days, One week, Two weeks, or Stop.
For more information, see
Configure vulnerability settings.
Note If your servers are deployed in a private network or urgent vulnerability detection
is not required, you can set Emergency vul(s) Scan Cycle to Stop. However, your servers
may be attacked in various ways. We recommend that you set Emergency vul(s) Scan Cycle
to a value other than Stop. This way, Security Center detects urgent vulnerabilities
on your servers in a timely manner.
If a vulnerability is detected, the number of affected assets is displayed and highlighted
in red in the
Risks column of the vulnerability. You can click the name of the vulnerability to go to
the panel that displays the vulnerability details. In the panel, you can view the
vulnerability details and handle the vulnerability.
Note A vulnerability for which you never perform a scan task is displayed as Uninspected in the Risks column. If you never perform quick scan tasks or click Check Now in the Actions column, all urgent vulnerabilities are displayed as Uninspected in the Risks column. Security Center discloses high-risk urgent vulnerabilities that are exposed
on the Internet but does not automatically detect these vulnerabilities. We recommend
that you regularly check the urgent vulnerability list and specify the period for
automatic detection or manually scan for urgent vulnerabilities.
- Search for vulnerabilities
On the Emergency tab, you can search for vulnerabilities by detection mode, risk status, or vulnerability
name. The detection mode can be Version or Network Scan. The risk status can be Risk
or No risk.
The following list describes the detection modes:
- Version: Security Center collects information about software versions to detect and analyze
vulnerabilities on your assets in a private network.
- Network Scan: Security Center uses web scanners to detect vulnerabilities on your assets in the
Internet. No manual configurations are required.
- Export vulnerabilities
On the
Emergency tab, you can click the

icon to export and save all urgent vulnerabilities that are detected on your assets
to your computer.
Notice If no urgent vulnerabilities are detected on your assets, the export icon is dimmed.
- View the vulnerability status of affected assets
Category |
Status |
Description |
Handled |
Handled |
The vulnerability is fixed. |
Fix failed |
Security Center failed to fix the vulnerability. The file that contains the vulnerability
may have been modified or does not exist.
|
Ignored |
The vulnerability is ignored. Security Center no longer generates alerts for this vulnerability.
|
Invalid |
The vulnerability has not been detected in the last seven days. |
Unhandled |
Unfixed |
The vulnerability is not fixed. |
Verifying |
After you manually fix a vulnerability, you can click Verify in the Actions column to check whether the vulnerability is fixed. After you click Verify, the status
of the vulnerability changes to Verifying from Unfixed.
|
- View the priorities to fix urgent vulnerabilities
Priorities to fix vulnerabilities are classified into high, medium, and low based
on vulnerability severities, time when vulnerabilities are detected, and server status.
Note We recommend that you fix vulnerabilities that have the High priority at the earliest opportunity.
- Handle urgent vulnerabilities
Security Center detects urgent vulnerabilities and provides suggestions on vulnerability
fixes. However, it does not allow you to fix the detected urgent vulnerabilities with
a few clicks. You must manually fix an urgent vulnerability on the affected servers based on Suggestions in the panel that shows the vulnerability details.
You can perform the following operations:
- View Suggestions in the panel that displays the vulnerability details and manually fix the vulnerability
on the affected servers.
- Verify: Check whether the vulnerability is fixed.
- Ignore: Ignore the vulnerability. Security Center no longer generates alerts for the vulnerability.
Note The state of this vulnerability changes to Ignored. If you want Security Center to generate alerts on an ignored vulnerability, find
the vulnerability in the Handled vulnerability list and click Unignore in the panel.
- Handle the vulnerabilities detected by Cloud Firewall
Security Center uses the Cloud firewall Supports Virtual patches tag to indicate a vulnerability detected by Cloud Firewall. You can click the tag
or Protection in the Actions column to go to the Cloud Firewall console to fix the vulnerability. For more information, see Vulnerability protection.