Oracle is closing a critical code injection vulnerability in PeopleSoft with an update outside of its usual schedule.