Only 62 CVEs discovered in December during Patch Tuesday
3 min. read
Published on
Share this article
Improve this guide
Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more
Key notes
- 62 CVEs were discovered and solved this month, all of which vary in behavior and severity.
- Some CVEs targeted Adobe products, while a whole lot more covered Microsoft products.
- Our Security & Privacy section is filled with articles that will help you protect your PC from threats.
- We also have a Patch Tuesday Hub where we cover all that is happening during this monthly event.
Along with December comes the last round of Patch Tuesday updates, and with it also come the much-awaited CVE reports from Microsoft.
While 2020 hit a record-breaking number of detected CVEs, enough to surpass those of 2019 by August, users are still curious to see whether this ascending trend will continue.
Some may remember how back in October the number of CVEs finally dropped, only to go back up again in November, which is all the more reasons to see what December will bring.
Take a closer look at this quick rundown on the number of CVEs that have been tracked down this year:
- February: 99 CVEs
- March: 115 CVEs
- April: 118 CVEs
- May: 147 CVEs
- June: 139 CVEs
- July: 136 CVEs
- August: 146 CVEs
- September: 147 CVEs
- October: 88 CVEs
- November: 126 CVEs
Number of detected CVEs is under 100 for the second time in 2020
Vulnerabilities found in Adobe products
As far as Adobe-related CVEs are concerned, only 4 were detected that affected Adobe Prelude, Experience Manager, and Lightroom.
Of the 4 detected CVEs detected, only the one that affected Lightroom was rated Critical.
Vulnerabilities found in Microsoft products
As always, CVEs that targeted Microsoft products are more numerous, and the affect the following services:
Microsoft Windows, Edge (EdgeHTML-based), ChakraCore, Microsoft Office and Office Services and Web Apps, Exchange Server, Azure DevOps, Microsoft Dynamics, Visual Studio, Azure SDK, and Azure Sphere.
Of the 58 detected CVEs, they were rated as follows:
- 9 are rated as Critical
- 46 are rated as Important
- 3 are rated Moderate in severity
Which were some of the most severe CVEs?
Despite being few in numbers, a few CVEs did stand out, either because of their severity, or because of the way they acted.
All in all, here are some of the most important CVEs discovered this month:
- CVE-2020-17121
- Microsoft SharePoint Remote Code Execution Vulnerability
- Microsoft SharePoint Remote Code Execution Vulnerability
- CVE-2020-17095
- Hyper-V Remote Code Execution Vulnerability
- Hyper-V Remote Code Execution Vulnerability
- CVE-2020-16996
- Kerberos Security Feature Bypass Vulnerability
- Kerberos Security Feature Bypass Vulnerability
December seems to be the month with the fewest detected CVEs in the entirety of 2020, bringing the grand total for this year to 1250.
Keep in mind that if you use any of the Adobe or Microsoft products listed above, it is important to update your PC as soon as possible, either using the Windows Update menu, or via direct download links.
If you want to learn more about the importance of Patch Tuesday updates, check out this guide where we will guide you through the best practices.
For a complete list of all identified CVEs for the December Patch Tuesday updates, also take your time to check out this useful article.
Have you identified any CVEs that weren’t covered by Microsoft yet? Don’t worry, they’ll probably fix those as well by next month, so just keep your eye on the changelogs.
Let us know what you think about this month’s vulnerability briefing by leaving us a message in the comments section below.
[wl_navigator]
