Exploit tools used in widespread attacks reportedly are similar to PoC code privately distributed by Microsoft to vendors.
Article Link: https://www.zdnet.com/article/microsoft-investigates-potential-tie-between-partner-firm-and-potential-exchange-bug-leak/#ftag=RSSbaffb68