Rackspace Hosted Exchange Outage Due to Security Incident

Rackspace hosted Exchange suffered a catastrophic outage beginning December 2, 2022, and it is still ongoing as of 12:37 AM on December 4th. Initially described as connection and login issues, the guidance was eventually updated to reveal that they were handling a security incident.

Rackspace Hosted Exchange Issues

The Rackspace system went down in the early morning hours of December 2, 2022. Initially there was no word from Rackspace about what the problem was, much less an ETA of when it would be resolved.

Customers on Twitter reported that Rackspace was not responding to support e-mails.

A Rackspace customer privately messaged me over social networks on Friday to relate their experience:

“All hosted Exchange clients down over the past 16 hours.

Uncertain the number of companies that is, but it’s considerable.

They’re serving a 554 long hold-up bounce so people emailing in aren’t aware of the bounce for several hours.”

The official Rackspace status page offered running updates on the outage, but the initial posts had no details other than that there was an outage and it was being investigated.

The first official update was on December 2nd at 2:49 AM:

“We are examining a concern that is affecting our Hosted Exchange environments. More details will be published as they become available.”

Thirteen minutes later, Rackspace began calling it a “connectivity issue.”

“We are examining reports of connection problems to our Exchange environments.

Users may experience a mistake upon accessing the Outlook Web App (Webmail) and syncing their e-mail customer(s).”

By 6:36 AM the Rackspace updates described the ongoing problem as “connection and login concerns.” Later that afternoon, at 1:54 PM, Rackspace stated they were still in the “investigation stage” of the outage, still trying to determine what had failed.

And they were still calling it “connection and login issues” in their Cloud Workplace environments at 4:51 PM that afternoon.

Rackspace Recommends Migrating to Microsoft 365

Four hours later, Rackspace described the situation as a “significant failure” and began offering their customers free Microsoft Exchange Plan 1 licenses on Microsoft 365 as a workaround until they understood the problem and could bring the system back online.

The official guidance stated:

“We experienced a substantial failure in our Hosted Exchange environment. We proactively shut down the environment to avoid any additional issues while we continue work to bring back service. As we continue to overcome the origin of the problem, we have an alternate service that will re-activate your ability to send and get e-mails.

At no charge to you, we will be providing you access to Microsoft Exchange Strategy 1 licenses on Microsoft 365 until further notification.”

Rackspace Hosted Exchange Security Incident

It was not until nearly 24 hours later, at 1:57 AM on December 3rd, that Rackspace officially acknowledged that their hosted Exchange service was experiencing a security incident.

The statement further revealed that Rackspace technicians had powered down and disconnected the Exchange environment.

Rackspace posted:

“After additional analysis, we have identified that this is a security occurrence.

The known impact is separated to a part of our Hosted Exchange platform. We are taking necessary actions to assess and safeguard our environments.”

Twelve hours later, that afternoon, they updated the status page with more information: their security team and outside experts were still working on resolving the outage.

Was Rackspace Service Impacted by a Vulnerability?

Rackspace has not released details of the security event.

A security event typically involves a vulnerability, and there are two severe vulnerabilities currently in the wild that were patched in November 2022.

These are the two most recent vulnerabilities:

  • CVE-2022-41040
    Microsoft Exchange Server Server-Side Request Forgery (SSRF) Vulnerability
    A Server-Side Request Forgery (SSRF) attack allows an attacker to read and change data on the server.
  • CVE-2022-41082
    Microsoft Exchange Server Remote Code Execution Vulnerability
    A Remote Code Execution vulnerability is one in which an attacker is able to run malicious code on a server.

An advisory released in October 2022 explained the impact of the vulnerabilities:

“An authenticated remote aggressor can carry out SSRF attacks to intensify benefits and perform arbitrary PowerShell code on vulnerable Microsoft Exchange servers.

As the attack is targeted versus Microsoft Exchange Mailbox server, the enemy can possibly get to other resources via lateral movement into Exchange and Active Directory site environments.”

The Rackspace outage updates have not indicated what the specific issue was, only that it was a security event.

The most recent status update, as of December 4th, stated that the service is still down and customers are encouraged to migrate to the Microsoft 365 service.

Rackspace published the following on December 4, 2022 at 12:37 AM:

“We continue to make progress in resolving the incident. The accessibility of your service and security of your information is of high value.

We have actually devoted extensive internal resources and engaged first-rate external expertise in our efforts to lessen negative effects to consumers.”

It’s possible that the vulnerabilities noted above are related to the security event affecting the Rackspace Hosted Exchange service.

There has been no announcement of whether customer data has been compromised. This event is still ongoing.