heads-up: @taviso's java 0day vuln now being used in an active in-the-wild attackSince Oracle (Sun) has not issued an official communication about this issue, the only mitigation information available is from Google's Tavis Ormandy.
Internet Explorer users can be protected by temporarily setting the killbit on CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA. To the best of my knowledge, the deployment toolkit is not in widespread usage and is unlikely to impact end users. Mozilla Firefox and other NPAPI based browser users can be protected using File System ACLs to prevent access to npdeploytk.dll. These ACLs can also be managed via GPOI would expect Ryan will be giving more details on the detected attacks @ at Threatpost.com.