Regarding the corporate users, I think actually most of them should not need any of those 3 plugins enabled:
1. Acrobat Reader plugin: use some less popular PDF reader which is not that commonly attacked
2. Flash: you shouldn't play Flash games in the office ;) For YouTube, you can enable the HTML5 version in modern browsers
3. Java: IMO it's mostly needed in IE6-dating web apps but I might be very naive here...
Regarding Acrobat: there's a built-in PDF reader coming in Firefox soon (pdfjs). Currently I do not use any plugin, I just make the browser download a PDF and render it in SumatraPDF or PDF-XChange Viewer.
Exactly. BTW are the fill-in PDF forms that prevalent? I've only been using them once a year to fill in my tax declaration, which sadly requires installation of the Adobe Reader plugin in Poland. I feel the corpo world prefers Excel for that kind of thing :)
Operating systems and/or CPUs need to be less predictable in terms of how they lay out memory. All of these "new" security exploits are nearly always a new form of the same old buffer overflow attack that people have been using since the beginning of time.
Company-wide install of NoScript? But that wouldn't save you if a trusted site got compromised.
Maybe they should prohibit use of all commonly targeted software? (Flash, Acrobat Reader, Java...)
This seems really serious. Surely someone must be working on a better way to protect against this kind of thing?