Oracle released an out-of-band critical security update which addresses CVE-2016-0603 which can be exploited when installing Java SE 6, 7 or 8 on the Windows platform.
Important Note: The exposure exists only during the installation process. Thus, Java SE users who have downloaded any old version of Java SE prior to 6u113, 7u97 or 8u73 for later installation needs to discard the old downloads and replace them with 6u113, 7u97 or 8u73 or later.
The Java SE Advanced Enterprise installers are not affected.
Download InformationDownload link: Java SE 8u73
Java SE 8u74, which is a "patch-set" update, including all of 8u73 plus additional features can be found here. Select the appropriate version for your operating system.
Verify your version: http://www.java.com/en/download/testjava.jsp
- UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.
- Starting with Java SE 7 Update 21 in April 2013, all Java Applets and Web Start Applications should be signed with a trusted certificate. It is not recommended to run untrusted/unsigned Certificates. See How to protect your computer against dangerous Java Applets
Critical Patch UpdatesThe next scheduled dates of Oracle Java SE Critical Patch Updates are as follows:
- 19 April 2016
- 19 July 2016
- 18 October 2016
- 17 January 2017
- Java SE 8u73 Update Release Notes
- Java SE 8u74 Update Release Notes
- Oracle Security Alert for CVE-2016-0603
- Java, The Never-Ending Saga
- Oracle Quality Assurance Blog
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...