Yesterday a vulnerability in Azure AD Connect became known. It applies if the Password writeback option is configured.
Through the vulnerability, in combination with rights that were handed out too generously, an attacker can reset passwords and so gain access to accounts.
An Azure AD Connect update that fixes this vulnerability is now available. It is also possible to reduce the risk by withdrawing rights from the account that is used for Password writeback.
Microsoft recommends updating Azure AD Connect to version 1.1.553.0 even if you are not using the Password writeback option.