Brian Krebs is reporting that a new zero day vulnerability and matching exploit are making the rounds, with no patch or fix in sight.
My recommendation is to consider disabling the java browser plugin or implementing no script with a policy to only allow java originating from intranet sites.
Be careful out there!