From Microsoft Malware Protection Center Blog:
Whilst working on our normal data pull and analysis for the Microsoft Security Intelligence Report (v9 - released last week), I embarked on a mini discovery mission on the exploit data that MMPC detects with our antimalware technology. Although the main focus of antimalware software is on traditional malware families, antimalware technologies can do a good job when it comes to file exploits that require a lot of parsing, such as exploit-laden movies, documents, and ... Java.
The Java spike in Q3 is primarily driven by attacks on three vulnerabilities, which all, by the way, have had patches available for them for some time now. The first two, in particular, have gone from hundreds of thousands per quarter to millions.
In short, the problem in Java has been patched but many (millions?) of users aren't patching in timely manner.