According to the analysis, neither IGEL nor Microsoft were willing to address the vulnerability when it was first disclosed in May 2025. Microsoft only issued a patch after exploitation was detected, suggesting that active exploitation may have been the driving force behind the delayed response.