Oracle issued an out-of-box emergency patch for Java platform running on Windows machines that fixes the critical vulnerability coded as CVE-2016-0603. The vulnerability could be exploited by an attacker to trick users into visiting a malicious website and downloading files on the target system before installing Java 6, 7 or 8. Oracle recommends users to ensure that they are running the most recent version of Java SE and that all older releases of the software have been completely removed. Oracle further advises against downloading Java from sites other than Java.com as these sites may be malicious.”]
Source: https://securityaffairs.co/wordpress/44336/security/cve-2016-0603-java-flaw.html