From Microsoft's own web site:
"A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability.
To exploit the vulnerability, an unauthenticated attacker could send malicious requests to a Windows DNS server."
Microsoft's KB article concerning the vulnerability states:
"This advisory describes a Critical Remote Code Execution (RCE) vulnerability that affects Windows servers that are configured to run the DNS Server role."