This is cross-posted to the exchange list and the ntsysadmin list. If you are running hybrid with Azure or Office 365, you need to update AADConnect.
See: https://dirteam.com/sander/2017/12/13/azure-ad-connect-version-1-1-654-0-addresses-a-critical-security-vulnerability/ If you want to understand the vulnerability better, see: http://www.essential.exchange/2008/10/22/admincount-adminsdholder-sdprop-and-you/