Microsoft has averaged roughly 90 common vulnerabilities and exposures (CVE) fixes per month over the past five months. With everyone working from home and apparently focused on bug fixes, I expect this large CVE fixing trend to continue. Despite these record CVE numbers, the actual number of updates have been down; we haven’t seen Exchange or SQL Server updates in a while.

The hot topic of conversation over the last two weeks has been the release of out-of-band security updates for CVE-2020-1425 and CVE-2020-1427, both of which address a memory issue within the Microsoft Windows Codecs Library.