Oracle has released a Security Alert Advisory for an Oracle Database vulnerability (CVE-2018-3110) in versions 22.214.171.124 and 126.96.36.199 on Windows.
The vulnerability carries a very high CVSS v3 base score of 9.9 (10 being the highest).
According to Oracle, an exploit of this vulnerability “can result in complete compromise of the Oracle Database and shell access to the underlying server. CVE-2018-3110 also affects Oracle Database version 188.8.131.52 on Windows as well as Oracle Database on Linux and Unix, however patches for those versions and platforms were included in the July 2018 CPU.”
Oracle recommends system admins patch without delay.