CVE numbers are on the rise, with 147 found in September

Milan Stanojevic
by Milan Stanojevic
Deputy Editor
Affiliate Disclosure
Share this article:

  • The August Patch Tuesday updates have come bearing improvements for Windows 10, and 147 CVE reports.
  • The vulnerabilities that were discovered cover both Microsoft and Adobe products.
  • In order to protect yourself from them, get the latest Patch Tuesday updates as soon as possible.
  • To find out more about this monthly Microsoft event, visit our comprehensive Patch Tuesday page.
September 2020 CVE report

With the 9th round of Patch Tuesday updates of the year 2020, the center focus of pretty much everyone is the security improvements.

While everyone does indeed eagerly await all the new features and performance improvements, the main focus of the Patch Tuesday updates is the list of CVEs that come with it.

Unfortunately, 2020 has proven to be quite a challenging year as far as security goes, with the numbers detected so far almost exceding the entirety of last year.

Here’s a little rundown on the number of CVEs that have been tracked down this year:

Keeping up with this unfortunate trend, the September Patch Tuesday delivers 147 vulnerabilities that have been detected and dealt with.

As always these affect both Microsoft and Adobe-related vulnerabilities, ranging in severity from Important to Critical.


147 vulnerabilities were identified this month alone

As usual, Microsoft products present the most vulnerabilities, with 128 found out of the total 147, the remaining 18 being attributed to Adobe products.

Vulnerabilities found in Adobe Products

This month vulnerabilities were found for 3 Adobe products:

  • InDesign
  • Framemaker
  • Adobe Experience Manager

While InDesign has 5 memory corruptions fixes, Framemaker had to have two Critical-rated vulnerabilities fixed: an out-of-bounds read and a stack-based buffer overflow.

Vulnerabilities found in Microsoft Products

As always, many more Microsoft products had vulnerabilities discovered that were attributed to them. These include products like  Microsoft Windows, Edge (EdgeHTML-based and Chromium-based), ChakraCore, Internet Explorer (IE), SQL Server, and more.

Of the 129 total vulnerabilities discovered, 23 were rated as Critical, 105 were deemed Important, and one was considered Moderate.

Which were some of the most severe CVEs?

Of the 129 discovered vulnerabilities, here are some that stood out more than the others:

  • CVE-2020-16875
    • Microsoft Exchange Memory Corruption Vulnerability
  • CVE-2020-1129
    • Microsoft Windows Codecs Library Remote Code Execution Vulnerability
  • CVE-2020-0922
    • Microsoft COM for Windows Remote Code Execution Vulnerability
  • CVE-2020-0951
    • Windows Defender Application Control Security Feature Bypass Vulnerability

As mentioned earlier, Vulnerabilities have been on a rise, and while September does boast just one more vulnerability compared to August, this is just a reminder that this is the 7th month with over 110 discovered vulnerabilities,

For a complete list of all identified CVEs for the September Patch Tuesday updates, head over to this dedicated article, and you’ll find everything there is to know there.

If you know of any other vulnerabilities that haven’t yet been covered this month, then it will most likely be fixed by the next Patch Tuesday updates.

Speaking of which, the next round of updates will be available starting with October 12.


FAQ: Learn more about CVEs

  • How are CVEs rated?

CVEs are rated from Important to Critical, with the criteria being base don how easy it is to exploit the vulnerability, and how severe the consequences may end up being.

  • What is the difference between a CVE and a CVESS?

While the CVE is the vulnerability, the CVSS represents the severity of it.

  • Are more vulnerabilities being discovered?

As far as the year 2020 is concerned, we have already exceeded the number of vulnerabilities found in 2019 back in August.