CISA has issued an emergency directive in response to a vulnerability affecting hybrid Microsoft Exchange users.