Prioritize these vulnerabilities

Only 2%-7% of published vulnerabilities are seen exploited in the wild.

If you focused your remediation efforts on these, you would sort CVSS entries by the following characteristics:

  1. Code execution or SQL injection vulnerability
  2. Remotely exploitable
  3. In a Microsoft product
  4. With an exploit available on ExploitDB, Metasploit, or GitHub
  5. A CVE that has a higher number of external references
  6. Requiring no privileges

Remediate vulnerabilities that are known to be exploited first.

If you start there, you'll get 80% of the return for 20% of the effort.
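
The sort described above, as an added example that is not from the original page. The record fields, the equal weighting of criteria, the use of reference count as a tiebreaker, and the sample entries (with placeholder ids) are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Vuln:
    vuln_id: str               # placeholder id, constructed for this example
    vuln_class: str            # e.g. "code-execution", "sql-injection", "xss"
    remote: bool               # remotely exploitable
    vendor: str
    public_exploit: bool       # exploit on ExploitDB, Metasploit, or GitHub
    reference_count: int       # number of external references
    privileges_required: str   # CVSS PR metric: "N", "L" or "H"
    known_exploited: bool = False

def criteria_met(v):
    """One boolean per yes/no criterion in the list (items 1-4 and 6)."""
    return [
        v.vuln_class in {"code-execution", "sql-injection"},
        v.remote,
        v.vendor.lower() == "microsoft",
        v.public_exploit,
        v.privileges_required == "N",
    ]

def priority_key(v):
    # Known-exploited entries sort first; then entries matching more criteria.
    # "Higher number of references" (item 5) is relative, so it breaks ties.
    return (v.known_exploited, sum(criteria_met(v)), v.reference_count)

def prioritize(vulns):
    return sorted(vulns, key=priority_key, reverse=True)

# Constructed sample backlog (not real vulnerabilities).
SAMPLE = [
    Vuln("EXAMPLE-A", "xss", True, "ExampleCorp", False, 3, "L"),
    Vuln("EXAMPLE-B", "code-execution", True, "Microsoft", True, 40, "N"),
    Vuln("EXAMPLE-C", "sql-injection", True, "ExampleCorp", True, 12, "N"),
    Vuln("EXAMPLE-D", "info-disclosure", False, "ExampleCorp", False, 5, "L",
         known_exploited=True),
    Vuln("EXAMPLE-E", "sql-injection", True, "ExampleCorp", True, 30, "N"),
]

if __name__ == "__main__":
    for v in prioritize(SAMPLE):
        flag = "exploited" if v.known_exploited else "-"
        print(f"{v.vuln_id:10} criteria={sum(criteria_met(v))} "
              f"refs={v.reference_count:3} {flag}")
```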