We knew an Adobe Flash zero-day hole was about to be plugged, and sure enough, we got the corresponding Windows update.
The patch is unusual in that it involves a change in KB number -- Microsoft's old MS16-064 patch (which didn't cover this Flash hole) was KB 3157993. This new patch, which covers the latest APSB16-15 megapatch from Adobe, is known as KB 3163207.
If you installed the old patch, you still need to install the new patch. If you didn't install the old patch, this new one touches all the bases.
APSB16-15 covers 25 separately identified security holes (gotta love Flash), but one in particular has folks worried. It's identified as CVE-2016-4117, and it's out in the wild. Adobe Security Advisory 16-02, released three days ago, dishes the dirt:
A critical vulnerability (CVE-2016-4117) exists in Adobe Flash Player 220.127.116.11 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2016-4117 exists in the wild.
I've been pushing to get rid of Flash for five years now. It's time, folks. If you visit a site that demands Flash, find a way around it, then write a flaming missive to the folks who insist on sullying their site with such crapware.
Chris Hoffman at How-To Geek has a full rundown on how to exorcise Flash from your Windows system.