A couple of days following the initial discovery of the exploit, numerous distinct SharePoint exploit attempts are now in circulation. We observe some examinations by researchers aiming to detect susceptible systems (or to probe for typical signs of compromise), along with multiple variations of the “ToolPane.aspx” URL being targeted. Even for our “random” honeypots, the frequency of hits has escalated considerably without the need to enhance our SharePoint emulation.