Oracle issued an emergency update to its widely-used Java web software on Sunday, but experts say it still contains security flaws.
Last week the US government advised users to disable it because of a bug that leaves computers vulnerable to being hacked.
Security specialists claim the fix has not done enough to make PCs secure.
Oracle says that more than one billion people use Java, and some games like Minecraft are built around it.
The bugs can make a computer open to infection by viruses. Last year net security specialist Kaspersky said that 50% of hacks carried out by seeking out software bugs were done via Java.
"We don't dare to tell users that it's safe to enable Java again," Adam Gowdiak, a researcher with Poland's Security Explorations told Reuters.
In a blog about the "unscheduled" update, Oracle says it has changed Java's default security settings to "high" which it says means users will be notified of any extra applications which start running while they are browsing.
Oracle says the vulnerability applies to the latest version of the software, Java 7. It has declined to comment.
Java is a programming language that enables software to run on many operating systems. It is also installable on web browsers.