[Important] Instruction of Beijing Municipal Public Security Bureau on Website Vulnerability Patch

2018-08-18 10:48:06
Dear user

Dear user, in accordance with the Notice of the Network Security Corps of Beijing Municipal Public Security Bureau, an important summit forum will be held in Beijing in September, so all cloud service providers must guarantee the network security, clean up and patch the web vulnerabilities to prevent the network resources of cloud tenants and cloud service providers from being used by lawbreakers.


In order to completely remove hidden perils, in accordance with the directions of the Network Security Corps of Beijing Municipal Public Security Bureau, JD Cloud will positively patch vulnerabilities for cloud tenant websites and push the vulnerability details and solutions by Email for users with vulnerability on website. If users are not technically capable of patching website vulnerability, please install the free web protection system recommended by the Network Security Corps of Beijing Municipal Public Security Bureau:


Network Protection G01-website guard version: http://www.weishi110.cn/static/index.html

Installation and Use Instructions Document:http://help.weishi110.cn/


Note:

(1) After installing the Network Protection G01, the web protection is not enabled by default, please enable the protection according to the instructions documentation.

(2) If your website takes JD Cloud load balancer as the frontend, it is recommended that you should enable the JD Cloud application security gateway function to realize VPC-WAF protection. Reference link:https://www.jdcloud.com/help/detail/2335/isCatalog/1


Pursuant to relevant requirements, user receiving the Notice shall complete the patches prior to August 22, 2018. In case of delay, the virtual machine may be shut down and the console will be unable to be enabled; then you have to open ticket to unblock them and immediately patch vulnerabilities upon the console permission is resumed. If website vulnerabilities are found to exist persistently by regular inspection, the virtual machine will be shut down again and the console policy will be locked.


We will send vulnerability details and patch suggestions one by one according to vulnerability URL. Please read through your Emails in the mailbox and check that if our notices are treated as spam. Make sure you do all patches or protection.


To secure your website and maintain security and stability of the whole Internet, you are required to positively cooperate with us with the vulnerability patch. Thank you for your understanding and support.


Appendix:Table of Comparisons of Vulnerabilities Reported by the Network Security Corps of Beijing Municipal Public Security Bureau

JD Cloud team

2018-08-18 10:48:06