On Saturday, April 26, Microsoft provided an announcement of a remote code execution vulnerability that affects all current versions of Internet Explorer (versions 6-11) and that is actively being exploited. The vulnerability exists in how Internet Explorer manages flash code. No patch is currently available. See the following URLs for additional information.
https://technet.microsoft.com/en-US/library/security/2963983
As of April 28, Adobe issued a flash update, but all indications are that this does not address the vulnerability identified on 4/27-28.
See the following URL for details – https://helpx.adobe.com/security/products/flash-player/apsb14-13.html
Update May 1 11:45 a.m.
All indications are MS will be issuing an out of band patch for this in the next hour.
https://technet.microsoft.com/en-us/library/security/ms14-may.aspx