Microsoft releases a security advisory that fixes the Privilege Escalation Vulnerability With Exchange Server. By exploiting this vulnerability an attacker could impersonate any other exchange user. An attacker could exploit this vulnerability by executing a man-in-the-middle attack and forwarding an authentication request to a Microsoft Exchange Server which allows impersonation of another Exchange user. Microsoft recommends Customers are strongly encouraged to test workarounds prior to deploying them into production to understand the potential impact If you are using an exchange server then it is recommended to block the EWS subscriptions from being created.”]
Source: https://gbhackers.com/security-advisory-privilege-escalation/