Sun has released update 20
of the Java 6 Standard Edition.
You get somewhat mixed emotions on this, because, on the one hand, Oracle assured everyone that there really was nothing to worry about with regards to the recently identified security flaw in the Java Web Start tooling, and that they wouldn't be issuing any immediate updates. And then, all of a sudden, they release a new update that seems to address that very problem, demonstrating that it was indeed something serious and needed to be taken care of immediately.
What do they say? It's never the crime, so much as the cover-up? Not that there's a big cover-up here, but it does seem that Oracle was a tad disingenuous with how serious they were about addressing this security problem.
"The about-face by Sun is another sign that some big vendors still struggle to understand the importance of working closely with white hat researchers to understand the implications of certain vulnerabilities. In this case, Google’s Ormandy was forced to use the full-disclosure weapon to force the vendor into a proper response."
Well, the update is out. Get ready for a bunch of annoying little messages poping out of the lower right-hand corner of your Windows desktop informing you of a new update that the Java Update Scheduler wants to install. And it looks like you better install it.