Looking at the comments, it seems like everyone is just busy arguing about Microsoft versus other companies. Does anyone actually care about how this SharePoint vulnerability was exploited?
If Microsoft had just contacted ZAST.AI earlier, I believe this security incident wouldn't even have happened.