A vulnerability has just been discovered in the new Microsoft cloud synchronization tool that allows elevation of privileges. It allows an attacker to reset the password of an on-premises Active Directory account and gain privileged access, such as Domain Admin, over a company's domain.
The flaw is in the Password writeback component of Azure AD Connect, which needs to be enabled for this exploit to work.
A write-up of this security vulnerability can be found here:
Luckily, most of my customers are still using DirSync and are not affected by this vulnerability.
For a comparison between DirSync and Azure AD Connect please see: