The last Microsoft Patch Tuesday of 2020 was brimming with security patches, updating bugs affecting most Microsoft products.

While December 2020 Patch Tuesday may not have been the biggest of the year, it contained nine critical fixes, with 58 overall bug fixes for users.

What's in Microsoft's December 2020 Patch Tuesday?

Patch Tuesday refers to the first Tuesday of each month when Microsoft and other major tech companies release their security patches for the month. The security patches range from critical vulnerabilities to more basic issues.

Microsoft's final Patch Tuesday of 2020 contained the second-fewest vulnerabilities of the entire year. However, it also contained nine critical security vulnerabilities that require an immediate fix.

Contained in the Patch Tuesday bugs are fixes for Windows 10, Microsoft Edge, Microsoft Office, Exchange Server, and various Microsoft Azure products.

Of the nine bugs rated critical, all bar one are remote code execution vulnerabilities, affecting Microsoft Dynamics 365, Microsoft Exchange, and Microsoft SharePoint. The final fix remedies a critical memory corruption vulnerability with the Chakra scripting engine.

Related: How to Protect Yourself from a Zero-Day Exploit

Any patches involving a remote code execution vulnerability are incredibly important to install as soon as possible. Remote code execution effectively allows an attacker to access and make changes to a computer remotely.

As many of the Microsoft products these issues affect are enterprise-focused, it is important to patch the vulnerabilities. However, there is no indication that any of these critical vulnerabilities are being actively exploited in the wild at the time of writing.

There is a surprising lack of browser-related security patches. Dustin Childs of the Zero Day Initiative, an organization that seeks out zero-day vulnerabilities, writes:

Looking at the remaining Critical-rated updates, only one (surprisingly) impacts the browser. That patch corrects a bug within the JIT compiler. By performing actions in JavaScript, an attacker can trigger a memory corruption condition, which leads to code execution. The lack of browser updates could also be a conscious decision by Microsoft to ensure a bad patch for a browser does not disrupt online shopping during the holiday season.

What About Non-Critical Security Patches?

Microsoft has released 46 fixes rated important alongside the critical vulnerability fixes, with three fixes rated moderate.

The important fixes include several vulnerabilities for Microsoft Office programs, including remote code execution vulnerabilities for Excel, PowerPoint, and Outlook. Other Microsoft products receiving important security patches include SharePoint, Microsoft Exchange, Dynamics CRM, Visual Code Studio, Windows Error Reporting, and various Azure products.

Related: What's New in the Latest Windows 10 Cumulative Update?

When Is the Next Patch Tuesday?

The December Patch Tuesday is always lighter than other months of the year. Microsoft gives a small reprieve from the substantial number of security patches requiring installation each month.

Still, when security patches become available for your Microsoft product, you should install them as soon as you can.

Microsoft has issued over 1,200 patches in 2020, substantially more than the 840 pushed out during 2019. And, in case you're wondering, the first Patch Tuesday of 2021 arrives on 12 January.