Microsoft has released a security bulletin related Azure AD Connect.

If you are using password write-back you need to upgrade it to the version 1.1.553.0 (released this June) urgently as you are vulnerable to a vulnerability which could allow attackers to reset passwords.

Details about the security bulletin here:

Download the latest version of Azure AD Connect here