In the past year, Microsoft (MS) has fixed a large number of vulnerabilities for Windows and its components, as well as for Office. Some of these vulnerabilities were used by attackers to deliver malicious code before a patch was available for the targeted software, or in other words, what we call a 0-day attack. Most of these attacks were focused on flaws in Internet Explorer.
We can say that the year 2013 was notable for the appearance of 0-day vulnerabilities that were primarily used in targeted attacks. In this case, criminal hackers worked on developing exploits, only not for random propagation of malicious code, but rather for use in attacks on specific users while pursuing a certain set of goals, some of which may be known only to the attackers.