You're all admins, thanks to this Microsoft Exchange zero-day and exploit Easily swapped hashed passwords gives Domain Admin rights via API call. Fix may land next month January 25, 2019 https://www.theregister.co.uk/2019/01/25/microsoft_exchange_hashed_passwords/
Microsoft Confirms Serious ‘PrivExchange’ Vulnerability https://threatpost.com/microsoft-confirms-serious-privexchange-vulnerability/
If you want to read more articles from him, go to https://dirkjanm.io/ Some recent articles: “Relaying” Kerberos - Having fun with unconstrained delegation https://dirkjanm.io/krbrelayx-unconstrained-delegation-abuse-toolkit/ The worst of both worlds: Combining NTLM Relaying and Kerberos delegation https://dirkjanm.io/worst-of-both-worlds-ntlm-relaying-and-kerberos-delegation/ Getting in the Zone: dumping Active Directory DNS using adidnsdump https://dirkjanm.io/getting-in-the-zone-dumping-active-directory-dns-with-adidnsdump/