Enlarge Microsoft on Tuesday patched 120 vulnerabilities, two that are notable because they’re under active attack and a third because it fixes a previous patch for a security flaw that allowed attackers to gain a backdoor that persisted even after a machine was updated. Zero-day vulnerabilities get their name because an affected developer has zero days to release a patch before the security flaw is under attack.