On Saturday, April 26, Microsoft provided an announcement of a remote code execution vulnerability that affects all current versions of Internet Explorer (versions 6-11) and that is actively being exploited. The vulnerability exists in how Internet Explorer manages flash code. No patch is currently available. See the following URLs for additional information.
As of April 28, Adobe issued a flash update, but all indications are that this does not address the vulnerability identified on 4/27-28.
See the following URL for details – https://helpx.adobe.com/security/products/flash-player/apsb14-13.html
Update May 1 11:45 a.m.
All indications are MS will be issuing an out of band patch for this in the next hour.