Microsoft issues security advisory to alert users to an improper default configuration in Azure AD Connect. The issue increases the number of “stealthy admins” on corporate networks and makes businesses more vulnerable to targeted attacks. Microsoft released 34 security fixes in its December batch of security updates, which affect Windows, Office, Office Services and Web Apps, Exchange Server, Microsoft Malware Protection Engine, Internet Explorer, Edge, and ChakraCore. Microsoft advises admins to avoid using the AD DS account used by AD Connect when syncing to a directory.”]
Source: https://www.darkreading.com/cloud/microsoft-azure-ad-connect-flaw-elevates-employee-privilege