A Taiwanese computer security researcher indicated on Friday that exploit code he developed and shared with Microsoft ended up in hostile hands. Microsoft is investigating whether one of its partners is at fault for the leak. The vulnerability was used to attack tens of thousands of Exchange email servers before Microsoft deployed software patches on March 2. Microsoft credited Cheng-da Tsai and Devcore with finding two of the four vulnerabilities it patched for Exchange server on Feb. 2. Devcore CEO Allen Own declined to comment but referred to previously issued statement that an investigation turned up nothing suspicious.”]
Source: https://www.inforisktoday.com/blogs/how-did-exchange-server-exploit-leak-p-3005