Microsoft Exchange Vulnerability Much Larger Than Company Is Saying: Huntress ‘This seems to be a much larger spread than just ‘limited and targeted attacks’ as Microsoft has suggested ... These [victim] companies do not perfectly align with Microsoft’s guidance,’ says Huntress’ John Hammond. By Michael Novinson March 03, 2021, 03:54 PM EST Huntress has challenged Microsoft’s claim that Chinese hackers executed “limited and targeted attacks” against on-premises Exchange servers, arguing the scope of compromise is fairly widespread. The Ellicott City, Md.-based managed detection and response (MDR) vendor said roughly 400 of the 2,000 Exchange servers the company has checked are susceptible to the zero-day vulnerabilities being exploited by Chinese hacking group Hafnium, with an additionally 100 servers potentially vulnerable. In addition, Huntress said nearly 200 of its partners’ servers have received malicious web shell payloads.