A vulnerability exists within Microsoft Exchange that enables a general user to escalate their permissions to Domain Administrator. The problem is due to a default privilege that is enabled with Microsoft Exchange 2013 and later. All an attacker needs to achieve Domain Admin is access to an Exchange account without an altered registry, and they can escalate to full control of the domain. It is highly recommended that the fix published by Microsoft be applied to all users of Microsoft Exchange. The below links describe the vulnerability in greater detail and offer the steps for implementation of the fix.