While 2020 hit a record-breaking number of detected CVEs, enough to surpass those of 2019 by August, users are still curious to see whether this ascending trend will continue. Some may remember how back in October the number of CVEs finally dropped, only to go back up again in November, which is all the more reasons to see what December will bring. Take a closer look at this quick rundown on the number of CVEs that have been tracked down this year:

February: 99 CVEs March: 115 CVEs April: 118 CVEs May: 147 CVEs June: 139 CVEs July: 136 CVEs August: 146 CVEs September: 147 CVEs October: 88 CVEs November: 126 CVEs

Number of detected CVEs is under 100 for the second time in 2020

Vulnerabilities found in Adobe products

As far as Adobe-related CVEs are concerned, only 4 were detected that affected Adobe Prelude, Experience Manager, and Lightroom. Of the 4 detected CVEs detected, only the one that affected Lightroom was rated Critical.

Vulnerabilities found in Microsoft products

As always, CVEs that targeted Microsoft products are more numerous, and the affect the following services: Microsoft Windows, Edge (EdgeHTML-based), ChakraCore, Microsoft Office and Office Services and Web Apps, Exchange Server, Azure DevOps, Microsoft Dynamics, Visual Studio, Azure SDK, and Azure Sphere. Of the 58 detected CVEs, they were rated as follows:

9 are rated as Critical 46 are rated as Important 3 are rated Moderate in severity

Which were some of the most severe CVEs?

Despite being few in numbers, a few CVEs did stand out, either because of their severity, or because of the way they acted. All in all, here are some of the most important CVEs discovered this month:

CVE-2020-17121 Microsoft SharePoint Remote Code Execution Vulnerability CVE-2020-17095 Hyper-V Remote Code Execution Vulnerability CVE-2020-16996 Kerberos Security Feature Bypass Vulnerability

December seems to be the month with the fewest detected CVEs in the entirety of 2020, bringing the grand total for this year to 1250. Keep in mind that if you use any of the Adobe or Microsoft products listed above, it is important to update your PC as soon as possible, either using the Windows Update menu, or via direct download links. If you want to learn more about the importance of Patch Tuesday updates, check out this guide where we will guide you through the best practices. For a complete list of all identified CVEs for the December Patch Tuesday updates, also take your time to check out this useful article. Have you identified any CVEs that weren’t covered by Microsoft yet? Don’t worry, they’ll probably fix those as well by next month, so just keep your eye on the changelogs. Let us know what you think about this month’s vulnerability briefing by leaving us a message in the comments section below.

Name * Email * Commenting as . Not you? Save information for future comments
Comment

Δ