The security flaw affects every version of Flash Player and remained undetected until the catastrophic Hacking Team data breach.
Monthly security update addresses two dozen vulnerabilities, including one being exploited as part of the "Sandworm" cyberattack.
An Internet Explorer 8 vulnerability goes unfixed by Microsoft for more than half a year, reports the Zero Day Initiative.
Adobe and Microsoft patch a critical zero-day security flaw in Adobe's Flash Player that is actively being used to target Windows users, but the bug is different from an unpatched hole in Internet Explorer.
The flaw, which is being leveraged in "limited, targeted attacks," allows remote code execution, Microsoft warns.
A fix for a vulnerability hitting Internet Explorer versions 6 through 8 will be rolled out today at 10 a.m. PT.
Next week's patches will shore up holes in Windows and Office, but a permanent fix for the latest bug in Internet Explorer is still in the works.
Adobe is scheduled to release updates to Acrobat and Reader that address a zero-day flaw in the software that could allow an attacker to take control of a compromised system.
Flaw is found in the Transport Layer Security and Secure Sockets Layer protocols, which have typically been used online retailers and banks to provide security for Web transactions.
Security researcher says vulnerability in Windows 7 could lead to an attack causing a critical system error, or "blue screen of death."