If you are unable to upgrade Flash, then disable the Flash browser plugin.Upgrade the Flash browser plugin to 13.0.0.206 for Windows/Mac and 11.2.202.356 for Linux.Use Enhanced Protected Mode in IE (available in 10 and higher).This was observed to mitigate exploitation of this vulnerability. Configure EMET 4.1 or 5.0 to protect Internet Explorer.To mitigate this vulnerability, users are encouraged to apply the following workarounds until the patch can be applied. Install this patch as soon as possible to address this vulnerability. Microsoft has released an out-of-band patch to address this vulnerability, MS14-021. Exploiting the Flash vulnerability allowed attackers to bypass ASLR and DEP (security protection mechanisms). The observed attacks rely on an exploit for Adobe Flash, which targets a now patched vulnerability, CVE-2014-0515. According to FireEye, attacks have been spotted in the wild targeting Internet Explorer 9 through 11.
The vulnerability lies within MSHTML.dll, and affects Internet Explorer 6 through 11. Over the weekend, on April 26, Microsoft released an advisory about an Internet Explorer use-after-free zeroday vulnerability, CVE-2014-1776, that is being exploited in the wild.
