That update patches a pair of vulnerabilities in Microsoft's DNS (domain name system) service, which is used by many organizations to translate Internet addresses into the domains recognizable to humans.

Microsoft ranked one of the MS11-058 bugs as critical on Windows Server 2008 and Server 2008 R2 when running the DNS service, and warned that attackers could remotely exploit such servers simply by sending it a malformed query.

"[That] could potentially allow an attacker who successfully exploited the vulnerability to run arbitrary code on Windows Server 2008 and Windows Server 2008 R2 DNS servers having a particular DNS configuration," said Microsoft in a follow-up post to its today.

"This is significant, as the majority of organizations running Microsoft-based networks do have DNS activated on their servers," said Marcus Carey, a security researcher with Rapid7, in an email today.

Kandek seconded that as he pushed for MS11-058 to make second on the patch-ASAP list. "Microsoft's DNS service is pretty widely deployed, many IT shops have it in place," he noted.