Exploit tools used in widespread attacks reportedly are similar to PoC code privately distributed by Microsoft to vendors.