Liam O Murchu, manager of operations for , adds some interesting trivia. "Another interesting point to note regarding this vulnerability is that the exploit was found on the same servers being used as . In August, Symantec observed that the cybercriminals behind this ongoing targeted attack campaign, which initially targeted companies in the chemical industry, had ramped up their efforts with several new techniques and a Java zero-day vulnerability."

Essentially, if you can remove Java you should do so. Regardless of Java, though, businesses and consumers alike should always be vigilant about ActiveX controls or Active Scripting executing within the browser and take steps to guard against malicious code.

The next routine Patch Tuesday isn't scheduled until October 9. It seems reasonable to assume Microsoft will release an out-of-band patch for this flaw before then.