Yesterday (Tue Feb 4), Adobe published a Security Bulletin and released an emergency patch for Flash v12 (for Windows and MacOS) and Flash v11 (for Linux) to address the vulnerability documented in CVE-2014-0497.

Concurrent with that, Microsoft has released patches for IE10 and IE11 (which have Flash embedded) as KB2929825. Take special note that this update is not cumulative: it requires that the January update, KB2916266, be installed first.

The vulnerability is related to an integer underflow in Adobe Flash Player that allows remote attackers to execute arbitrary code via unspecified vectors. The vulnerability is being actively exploited.

How bad is it? I'm still trying to track down authoritative information on that, but considering that next Tuesday, Feb 11, would have been the regular release of updates for Adobe products, it seems that Adobe felt this warranted being pushed a week earlier. If you're interested in an in-depth analysis, this is the original article reporting the discovery of the active zero-day exploit by Kaspersky.