This issue only affects Applets and Web Start applications. It does not affect other types of Java applications.
Users upgrading to Java 7 update 45 will automatically fix this and is strongly recommended.
There are two items involved as described on the deployment flowchart:
Java clients periodically check in to understand what version contains the most recent security patches. Versions are released in-between that contain bug fixes. For example:
The security slider is located within the Java control panel and determines which Applets & Web Start applications will prompt, which will run, and which will be blocked.
One of the questions used to determine prompt/run/block is, “At or Above the Security Baseline.”
The resulting flow of users who click "update later" is:
As a reminder, in the future, Java 7u51 (January 2014) will block unsigned and self-signed Applets & Web Start applications by default.