Exchange Server bug: Patch now, but multi-factor authentication might not stop these attacks, warns Microsoft

Even if an Exchange account has multi-factor authentication enabled, an attacker could use this vulnerability to compromise email accounts.

You can read the full article here.