Oracle plans to fix 40 holes in Java
Oracle is planning Critical security patch update for the Java SE that are going to be released on Tuesday, June 18, 2013. This Critical Patch Update is a collection of patches for multiple security vulnerabilities in Oracle Java SE. This Critical Patch Update contains 40 new security vulnerability fixes. 37 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible. on the other hand Microsoft released a Fix it to disable the Java this may be a good solution to avoid being a attacked by Java vulnerabilities.
According to Microsoft “In the past few years, Java as a platform has been the target of numerous malware attacks, which exploit a number of Java runtime vulnerabilities on the target machines. The rise in Java exploitation has been attributed largely to unpatched software, although 0-day issues do creep in occasionally.”
So make sure to have Fix it by Microsoft as the patch is not yet available. While it is better that you disable Java in the browser and if Jave is required user may activate the click-to-play functionality.