19. Exercise Solution: Recommending Remediation Strategies

Depending on your thought process, you may come up with different sequences for fixing the issues. Generally, you want to think about which risks you should accept, avoid, or transfer.

Avoid: Adjust program requirements or constraints to eliminate or reduce the risk. This adjustment could be accommodated by a change in funding, schedule, or technical requirements. These four are here because they are higher risk.
CVE-2019-16444 Adobe Acrobat (critical according to MITRE/high Nessus)
CVE-2019-7183 Error handling (critical according to MITRE/high Nessus)
CVE-2019-1483 Windows privilege escalation (high unanimously)
CVE-2019-8512 iOS issue (medium MITRE/high Nessus)

Transfer: Reassign organizational accountability, responsibility, and authority to another stakeholder willing to accept the risk.

Accept: Acknowledge the existence of a particular risk, and make a deliberate decision to accept it without engaging in special efforts to control it. Approval of project or program leaders is required.
CVE-2019-20669 Netgear (low risk)
CVE-2014-3211 Publify software (medium/high; however, a blogging engine may not be as critical)