So... we've got quite an issue on our hands as a security community with these IE   and Java  0days for which there's still no patch from either Oracle or Microsoft for the Metasploit available exploits. Oracle did release a patch for Java 7, but apparently, it's not entirely effective.
Anyone blocking all Java file types, user agents at the border? What's it break other than webex and gotomeeting for Firefox users?
Anyone gone so far as to block IE and give users a message to use Firefox or Chrome?
I do not know your business, but I personally think it is generally a good idea to have a whitelist of web sites that are allowed to use java applets. (Which is also true for java script and flash.) Block all the rest you do not need.
Again, it's my personal opinion; maybe not generally considered as best practice.
This depends on the organization. Where I am IT is certainly trying to protect through restrictions, but we're still just another department under executive managment. If they don't want to hear complaints from users they'd rather open up the web with an attitude of "That's why we have McAfee, isn't it?"
In an environment where we've already decided we only use IE with a MWG7 that blocks certain categories and has an AV scanner, we're kinda stuck.
It's harder to take freedoms away from users when they've already had them for years. You end up looking like chicken little yelling about how the sky is faling to those who merely wish to keep the status quo.