Microsoft has averaged roughly 90 common vulnerabilities and exposures (CVE) fixes per month over the past five months. With everyone working from home and apparently focused on bug fixes, I expect this large CVE fixing trend to continue. Despite these record CVE numbers, the actual number of updates have been down; we haven’t seen Exchange or SQL Server updates in a while.
The hot topic of conversation over the last two weeks has been the release of out-of-band security updates for CVE-2020-1425 and CVE-2020-1427, both of which address a memory issue within the Microsoft Windows Codecs Library.
While Microsoft does security updates out-of-band from time to time, the points of contention were these updates were only available from the Microsoft Store and were released with very limited information. The fact that CVE-2020-1425 is ..
Support the originator by clicking the read the rest link below.