For other computer users, a first step may be to check what version of Java you're running. The US-CERT announcements focus on Java 7. Computer-security blogger Brian Krebs notes some uncertainty about whether other versions going back to Java 4 are affected. But he points to evidence suggesting the problem is limited to version 7.
Oracle, the owner of Java, said on Twitter that the problem is limited to "JDK7," or version 7, and that it hopes to have a fix available "shortly." (JDK stands for Java Development Kit.)
Mr. Krebs suggests that Internet users visit a Java Web page where they can confirm whether the software is running on their machines, and which version. Click the “Do I have Java” link, which is below a big red “download” button.
Now, if you have a version of Java you want to disable, here’s what US-CERT said Thursday: “Starting with Java 7 Update 10, it is possible to disable Java content in web browsers through the Java control panel applet.”
Citing a document from Oracle (Java’s corporate owner), CERT describes the following steps:
1) Make sure you have Java 7 Update 10. If not, you can upgrade. (A quick reminder: As this story just noted, if you have version 6 or prior, you may not want to upgrade or disable Java for now.)
2) Go to the Java control panel.
3) In the Security tab, de-select “Enable Java content in the browser.”