There was a major vulnerability announced yesterday for Windows server, it affects all versions going right back to 2003 and has a CVSS score of 10.0 which is the highest (worst) you can get.
Yesterday Microsoft released an update for CVE-2020-1350, a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that is classified as a ‘wormable’ vulnerability and has a CVSS base score of 10.0, which is the highest there is. This issue results from a flaw in Microsoft’s DNS server role implementation and affects all Windows Server versions. Non-Microsoft DNS Servers are not affected.
It is recommended that all businesses take immediate steps to mitigate the risk.
More details on the vulnerability and resolution steps can be found here