Microsoft Provides Mitigations, Workarounds for PrivExchange Vulnerability

Microsoft released a security advisory with mitigation measures and workarounds for an elevation of privilege vulnerability affecting Microsoft Exchange 2013 and newer. The vulnerability was made public by security researcher Dirk-jan Mollema, together with a proof-of-concept tool named PrivExchange. To exploit the vulnerability, an attacker would need to execute a man-in-the-middle attack to forward an authentication request to a Microsoft Exchange Server, thereby allowing impersonation of another Exchange user. The workarounds could come with some negative and unexpected behavior affecting users of EWS-powered apps such as Outlook for Mac, Skype for Business, notification-reliant LOB applications and iOS native email clients.

Source: https://www.bleepingcomputer.com/news/security/microsoft-provides-mitigations-workarounds-for-privexchange-vulnerability/