Microsoft warns of a high-severity vulnerability in hybrid Exchange deployments that lets attackers escalate privileges in Exchange Online without leaving audit trails. The flaw exploits a shared identity between on-prem and cloud systems, with CISA warning mitigation delays could lead to catastrophic breaches.