Windows privilege escalation vulnerability

Winsage
October 7, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog, adding critical flaws from Oracle, Mozilla, Microsoft Windows, and the Linux Kernel. The newly added vulnerabilities include:
- CVE-2010-3765: Mozilla Multiple Products Remote Code Execution Vulnerability
- CVE-2010-3962: Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability
- CVE-2011-3402: Microsoft Windows Remote Code Execution Vulnerability
- CVE-2013-3918: Microsoft Windows Out-of-Bounds Write Vulnerability
- CVE-2021-22555: Linux Kernel Heap Out-of-Bounds Write Vulnerability
- CVE-2021-43226: Microsoft Windows Privilege Escalation Vulnerability
- CVE-2025-61882: Oracle E-Business Suite Unspecified Vulnerability
CVE-2025-61882 has a CVSS score of 9.8 and allows unauthenticated remote attackers to control the Oracle Concurrent Processing component, affecting versions 12.2.3 to 12.2.14 of the Oracle E-Business Suite. It was exploited by the Cl0p ransomware group, and Oracle has released an emergency patch. CVE-2013-3918 was previously used in the 2009 Aurora attack and later by the EQUATION group against government entities in Afghanistan. Federal agencies must address these vulnerabilities by October 27, 2025, as per Binding Operational Directive (BOD) 22-01, which also recommends private organizations review the KEV catalog.
Winsage
June 13, 2024
Symantec uncovered an attempted ransomware attack by the Black Basta gang, who exploited CVE-2024-26169, a Windows privilege escalation vulnerability, to gain unauthorized access to compromised systems. The exploit tool targeted a flaw in the Windows Error Reporting Service to escalate access, with one variant having a compilation timestamp predating Microsoft's fix. Black Basta's history of leveraging Windows tools and deep understanding of the platform make them a formidable cybersecurity threat. Organizations should apply the latest Windows security updates and follow CISA guidelines to protect against potential attacks.