IT departments are expected to protect their organizations from existing vulnerabilities and from the thousands of new ones disclosed every year. Unfortunately, when it comes to vulnerability remediation, many organizations face an excess of cyber-threats and a shortage of infosec professionals. To weather this storm, IT departments must prioritize remediation, so that they can promptly fix the vulnerabilities that represent the greatest risk to their organization at any given point in time. In this presentation we will discuss a year-long study of exploits kits, attacks and vulnerability attributes and learn how to use them for prioritization. We will share best practices for improving remediation and reducing risk in the age of vulnerability disclosure overload.