Remote Code Execution for Flash Player
A successful exploitation could allow a potential attacker to take control of the affected system.
A critical vulnerability exists in Adobe Flash Player 184.108.40.206 and earlier versions. an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash content distributed via email.
Adobe will address this vulnerability in a release planned for the week of February 5.
The most secure course of action is to disable Flash Player or uninstall it entirely either until the patch arrives.
If you need it installed and running, there is a few things you can do :
Most modern browsers integrate a functionality to enable Click-to-play for plugins like flash player, prompting the user to click to use the plugin instead of executing everything by default.
For more details : https://www.howtogeek.com/188059/how-to-enable-click-to-play-plugins-in-every-web-browser/
Beginning with Flash Player 27, administrators have the ability to change Flash Player's behavior when running on Internet Explorer on Windows 7 and below by prompting the user before playing SWF content.
For more details : https://www.adobe.com/content/dam/acom/en/devnet/flashplayer/articles/flash_player_admin_guide/pdf/flash_player_27_0_admin_guide.pdf
Administrators may also consider implementing Protected View for Office. Protected View opens a file marked as potentially unsafe in Read-only mode.
For more details : https://support.office.com/en-us/article/what-is-protected-view-d6f09ac7-e6b9-4495-8e43-2bbcdbcb6653#bm5