It’s a good step forward in protecting users from malvertizing, but not a panacea. Cite: https://blogs.windows.com/msedgedev/2016/04/07/putting-users-in-control-of-flash/ By the way, have you updated Flash recently on your local computer? Please do so. You can check the version you have installed here.
https://www.ftc.gov/news-events/press-releases/2015/12/oracle-agrees-settle-ftc-charges-it-deceived-consumers-about-java How were Oracle deceptive? By only removing the most recent vulnerable version of Java from user’s computers, leaving older versions in situ. “In 2011, according to the FTC’s complaint, Oracle was aware of the insufficiency of its update process. Internal documents stated that the “Java update mechanism is not aggressive enough or simply not […]
Details here: http://blogs.msdn.com/b/ie/archive/2014/08/06/internet-explorer-begins-blocking-out-of-date-activex-controls.aspx