Microsoft has released a security bulletin related Azure AD Connect.

If you are using password write-back you need to upgrade it to the version 1.1.553.0 (released this June) urgently as you are vulnerable to a vulnerability which could allow attackers to reset passwords.

Details about the security bulletin here: https://technet.microsoft.com/library/security/4033453.aspx?f=255&MSPPError=-2147217396

Download the latest version of Azure AD Connect here http://go.microsoft.com/fwlink/?LinkId=615771