On Saturday, April 26, Microsoft provided an announcement of a remote code execution vulnerability that affects all current versions of Internet Explorer (versions 6-11) and that is actively being exploited.  The vulnerability exists in how Internet Explorer manages flash code. No patch is currently available.  See the following URLs for additional information.

https://technet.microsoft.com/en-US/library/security/2963983

http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html

As of April 28, Adobe issued a flash update, but all indications are that this does not address the vulnerability identified on 4/27-28.

See the following URL for details – https://helpx.adobe.com/security/products/flash-player/apsb14-13.html

Update May 1 11:45 a.m.

All indications are MS will be issuing an out of band patch for this in the next hour.

https://technet.microsoft.com/en-us/library/security/ms14-may.aspx