Bad news for the Windows server admins, it would appear that at zero day exploit has surfaced that is extraordinary bad if you have Domain Controllers with the print-spooler service running (eg. printer role). The exploit allow an attacker to execute code as system via a normal domain user account. As of this post there is no patch available.
Stop and disable the “Printer Spooler” service on servers where it is not required (especially DC’s).