Only way to fix Flash...
.. is to uninstall it.
Microsoft's popped out a Security Update for Adobe Flash. Adobe did likewise last week, celebrating hackers' love for Flash by releasing it on Valentine's Day. That dump addressed no fewer than 13 CVEs that allowed code execution due to: type confusion vulnerability, integer overflow vulnerability, use-after-free …
Well you could just disable it in the browser. Apart from tin-foil tittle-tattle, do we have evidence that this is not sufficient? Is there some way for a web-site to turn it back on again? Does Windows Update sometimes turn it back on again? I would imagine not, but if anyone has evidence to the contrary then that would indeed be interesting.
"Adobe did likewise last week [...] Microsoft's now caught up"
Why the hurry? It's not as if after Adobe's patches every script kiddy knows the vulnerabilities and starts exploiting them. What's one week (or a few million vulnerable machines) in a billion-year-old universe... no need to rush.
Perhaps Microsoft's telemetry is telling them that pretty much everyone has disabled Flash by now.
Unlikely, but if it does ever go that way then I wouldn't expect MS to tell anyone. In particular, I can't imagine them turning to Adobe and saying "Hey, you know all the Flash fixes you send us each month? You needn't bother. No-one is still using it. We have the proof."
I have one thing left that needs Flash: VMware vCenter. Unfortunately, I need to use it for work. I have a separate browser just for that.
That's one example of a growing problem. Many intranets contain legacy devices that need older protocols or ciphers, but for various reasons can't be easily replaced. As the browser companies delete support for those older features, we're forced to use obsolete browser versions to talk with these legacy systems. This becomes a big problem when you have to provide a secretary with two browsers, and tell them "only use browser B for X". They often forget, and venture out on the internet with the wrong browser.