Microsoft is warning customers of a bug in its Azure Active Directory Connect product that could allow an adversary to reset passwords and gain unauthorized access to user accounts. The advisory (4033453) was issued Tuesday via Microsoft s TechNet website for the vulnerability which it rated important Remediation includes upgrading to the latest version of Azure AD Connect (1.1.553.0) The vulnerability was assigned the CVE identifier CVE-2017-8613. Microsoft: An on-premises AD Administrator may have inadvertently granted the service with Reset Password permission.
Source: https://threatpost.com/microsoft-issues-important-security-fix-for-azure-ad-connect/126596/