On January 31, 2018, KrCERT/CC released a security alert regarding a
vulnerability in Adobe Flash Player. Regarding this issue, Adobe Systems
has also released a security advisory about the vulnerability
(CVE-2018-4878). According to Adobe, the vulnerability is being
exploited in the wild. As of February 6th, 2017 a patch from Adobe is
available.
Recomendations:
Adobe has released a patch for this vulnerability, review its security bulletin to choose the proper patch.
Also, since Adobe Flash is deprecated, you should consider migrating any still used Adobe Flash to HMTL5
https://helpx.adobe.com/security/products/flash-player/apsb18-03.html
Mitigations:
If for whatever reason the patch cannot be installed, the following workarounds may be consid-ered:
• Disable Adobe Flash on your browser or enable click-to-play in order to avoid running
undesired content.
• According Adobe, on Internet Explorer with Adobe Flash Player version 27 or later and on
Windows 7 or later, it is possible to display a prompt screen when SWF content is played.
Review the Administration Guide .
• Since the detected exploits were embedded on Microsoft Office documents, consider set-ting up Protected Views on them .