In what's described as a "small number of targeted attacks", the CVE-2022-41040 and CVE-2022-41082 vulnerabilities were chained together to provide attackers with "hands-on-keyboard access", which was used to perform Active Directory reconnaissance and to steal data. The victims haven't been publicly disclosed.
While there are currently no specific indications as to who's behind these attacks, Microsoft's Security Threat Intelligence Team (MSTIC) "assesses with medium confidence" that they're the work of a single activity group connected to a state-sponsored cyber operation.
Microsoft says it's working on what it describes as an "accelerated timeline" to release a security fix for the vulnerability – although the fix has yet to emerge.
But since the vulnerability has been publicly disclosed, it's likely that hacking operations are already moving to take advantage of it before a patch becomes available, with Microsoft warning that "overall exploitation of these vulnerabilities will increase".