According to Trusteer, more than 68% of internet users are still vulnerable to attacks that exploit the Oracle vulnerabilities.
This may be the biggest security hole on the internet today, says the firm, since 73% of internet users are using Java.
Trusteer adds that its Secure Browsing Service has already warned 14 million users to immediately apply the Java patch, which then protects them against financial malware such as Zeus, that exploit the vulnerabilities in unpatched versions of Java.
After sampling large numbers of internet users, Trusteer reports than only 7% of Java users have installed the latest update.
This, says Trusteer, is worrying because the majority of Java users on the internet are vulnerable to a large and growing number of Java exploits in the wild.
According to a Microsoft security blog, the vulnerabilities covered by the critical patch provide "...an unprecedented wave of Java exploitation."
Trusteer says it believes it is the single most exploitable vulnerability on the web today.
Mickey Boodaei, Trusteer's CEO, said that, from a security threat standpoint Java is very much like Adobe Flash in that it is a ubiquitous technology installed on virtually every computer in the world, which makes an ultimate platform for distributing malware.
"Using vulnerabilities in these applications is extremely efficient since it enables criminals to target more than two thirds of internet users", he said.
"Oracle is facing some major security challenges and one of its biggest hurdles is its software update mechanism. For some reason, it is not effective enough in distributing security patches to the field", he added.
Boodaei went on to say that Adobe experienced the very same problem last year and since then Flash has been the subject of multiple attacks.
"To date Adobe hasn't managed to overcome the problem although they are trying and have plans to introduce more security features in their future releases", he noted.