This month's dose of Patch Tuesday from Microsoft fixes a massive 99 security vulnerabilities, including 12 issues that are rated as critical. ZD Net has an overview over here.
On January 17, Microsoft disclosed ongoing attacks where hackers were using [a] IE zero-day, however, at the time, the OS maker could not provide a patch. This patch is now included with this month's cumulative security updates.
On top of this patch, there are 98 others, of which, 11 bugs have received a grading of "critical," the highest available.
Most of the critical bugs are remote code execution and memory corruption bugs in services such as the IE scripting engine, the Remote Desktop Protocol service, LNK files, and the Media Foundation component.