Oracle released an out-of-band critical security update which addresses CVE-2016-0603 which can be exploited when installing Java SE 6, 7 or 8 on the Windows platform.
Important Note: The exposure exists only during the installation process. Thus, Java SE users who have downloaded any old version of Java SE prior to 6u113, 7u97 or 8u73 for later installation needs to discard the old downloads and replace them with 6u113, 7u97 or 8u73 or later.
Download link: Java SE 8u73
Java SE 8u73 Update Release Notes
Important Note: The exposure exists only during the installation process. Thus, Java SE users who have downloaded any old version of Java SE prior to 6u113, 7u97 or 8u73 for later installation needs to discard the old downloads and replace them with 6u113, 7u97 or 8u73 or later.
Download link: Java SE 8u73
Java SE 8u73 Update Release Notes