Sunday, February 07, 2016

Java Out-of-Band Critical Security Update


Oracle released an out-of-band critical security update which addresses CVE-2016-0603 which can be exploited when installing Java SE 6, 7 or 8 on the Windows platform. 

Important Note:  The exposure exists only during the installation process.  Thus, Java SE users who have downloaded any old version of Java SE prior to 6u113, 7u97 or 8u73 for later installation needs to discard the old downloads and replace them with 6u113, 7u97 or 8u73 or later. 

The Java SE Advanced Enterprise installers are not affected.

Download Information

Download link:  Java SE 8u73

Java SE 8u74, which is a "patch-set" update, including all of 8u73 plus additional features can be found here.  Select the appropriate version for your operating system.

Verify your version:

  • UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.
  • Starting with Java SE 7 Update 21 in April 2013, all Java Applets and Web Start Applications should be signed with a trusted certificate.  It is not recommended to run untrusted/unsigned Certificates.  See How to protect your computer against dangerous Java Applets

Critical Patch Updates

The next scheduled dates of Oracle Java SE Critical Patch Updates are as follows:
  • 19 April 2016
  • 19 July 2016
  • 18 October 2016
  • 17 January 2017


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: