Just an update now that I have seen a machine with the attack in a production environment.
When you do the "Verify Java" step, in some cases a small notification will come up in the text saying that there are vulnerable versions still on the machine that need to be uninstalled.
The attacks are specifically calling previous vulnerable Java versions, so they need to be removed as well as installing the latest version [currently 6 v30].
Soooo .. take the time to follow the link to see the versions you need to remove, then open up your Control Panel, Add/Remove Programs, and remove the vulnerable versions of Java.
This particular machine was one of the first done, and I missed the dialog the first time, so it was attacked. Sophos caught it, reported it to the Management Server, and I used the Management Server to finish the cleanup remotely.
Everything worked the first time other than the operator who missed the dialog. Nothing like layered protection.