According to the MS advisory there is an update for Technical Preview.
People need to stop including Flash in their website code.
Flash programs (e.g. games) should be run in a standalone VM (i.e. no network connections).
I haven't run Java outside of a VM, for at least 5 years.
When my friend and I first read about Java (many years ago) we both thought that it was "a disaster waiting to happen".
Flash was updated to day to fix this exploit. (Flash 220.127.116.117). But then they found another exploit in this new version and it will be patched the week of Jan 26
Adobe Product Security Incident Response Team (PSIRT) Blog | Working to help protect customers from vulnerabilities in Adobe software. Contact us at PSIRT(at)adobe(dot)com.
apart from the vulnerabilities of Flash and Java this amplifies my often made point about using 3rd part AV software on W8/8.1/W10 - that it's a total and utter waste of time. Ms can react far quicker and issue an update to Windows defender which is part of the proprietary windows code. 3rd party suppliers have to reverse engineer windows kernel (not easy) and do any number of things to ensure their stuff works and reverse engineering or "dis-assembling" a complex system like windows isn't a trivial task.
3rd party AV suppliers have had their time -- it's GONE now -- any Windows OS past W7 doesn't need this stuff any more.
(Home computers of course --protecting large corporate networks is another issue but then you are talking about Enterprise grade packages - both complex and definitely not cheap).
I'm still amazed at how many times I get pestered in a computer retail store to buy an add on "AV" package if I'm say getting a laptop or whatever. The sales staff simply can't believe when I say - don't bother selling me Norton or whatever - Windows has a perfectly good built in system already.
HTML5 should replace all Flash references, the same way Barry Allen replaced Jay Garrick.
Over time, it will - I only wish it were faster.
Thank you Malewarebytes Anti-Exploit.
After fully updating Flash and Windows 8.1 I was browsing my local TV station.
Clicked on a Flash video and ZAP! MB A-E blocked an exploit.
So I will run extra protection but to each his own.
Adobe has fixed the exploit in 18.104.22.1687 and new version to be release real soon.
UPDATE (January 24): users who have enabled auto-update for the Flash Player desktop runtime will be receiving version 22.214.171.1246 beginning on January 24. This version includes a fix for CVE-2015-0311. Adobe expects to have an update available for manual download during the week of January 26, and we are working with our distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11.