Critical vulnerability could have allowed malicious actors to gain unauthorized access to users’ Microsoft accounts.