Weeks after the world first got wind of it, Microsoft has finally patched the Internet Explorer (IE) zero-day flaw the company said in January was being used in “limited targeted attacks”.

The fix is part of the February Patch Tuesday update that features a record 99 security vulnerabilities including 12 marked as ‘critical’ and 87 ‘important’.

The first indication of the IE zero-day, now identified as CVE-2020-0674, appeared when Mozilla fixed a very similar issue in Firefox on 8 January, less than two days after the appearance of version 72.

The attacks were reported to Mozilla by a third party which, in a later deleted reference, mentioned that the same issue also affected IE. On 17 January, Microsoft issued its own alert regarding the Scripting Engine memory corruption flaw, citing IE’s Enhanced Security Configuration protection as mitigation against attacks.

This matters because IE code is buried inside Windows 10, which means it presents a risk even to those not using it. In the last year, IE has had other similar troubles, including CVE-2019-1367, a zero-day in September, and a proof-of-concept vulnerability reported in April.

And that’s not all – CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, and CVE-2020-0767 are all Scripting Engine memory corruption issues connected to Edge and IE browsers.