Even though Oracle patched critical Java vulnerabilities on Monday, the U.S. Computer Emergency Readiness Team (US-CERT) is still urging users to disable Java browser plug-ins.