Background
On May 10, 2016, a new critical vulnerability was announced for Adobe Flash Player versions 21.0.0.226 and earlier. Adobe reported that this vulnerability was being exploited in the wild and categorized the severity of this vulnerability as “Critical". Threatpost.com published a notice of three exploit kits that have integrated code exploiting the vulnerability on May 23.
Adobe released an update on May 12 to version 21.0.0.242 that addressed these vulnerabilities.
Impact
Platforms affected
Flash Player 21.0.0.226 and earlier.
Local observations
IU's Unified Device Management service updated Flash to version 21.0.0.242 on May 23. Computers that are part of the Global Patching Service should have received the update after 1 a.m. that day.
Those managing systems that are not part of Unified Device Management and are not using Secunia's CSI and a local WSUS server should update Flash to the latest version.
UISO recommendations
Further reading