Rackspace Hosted Exchange Outage Due to Security Incident


Rackspace hosted Exchange suffered a catastrophic outage beginning December 2, 2022 that is still ongoing as of 12:37 AM on December 4th. Initially described as connectivity and login issues, the guidance was eventually updated to announce that they were dealing with a security incident.

Rackspace Hosted Exchange Issues

The Rackspace system went down in the early morning hours of December 2, 2022. At first there was no word from Rackspace about what the issue was, much less an ETA of when it would be resolved.

Customers on Twitter reported that Rackspace was not responding to support emails.

A Rackspace customer privately messaged me over social media on Friday to relate their experience:

“All hosted Exchange customers down over the past 16 hours.

Not sure the number of companies that is, but it’s substantial.

They’re serving a 554 long hold-up bounce so people emailing in aren’t aware of the bounce for several hours.”

The main Rackspace status page provided a running update of the outage, but the initial posts had no information other than that there was an outage and it was being investigated.

The first official update was on December 2nd at 2:49 AM:

“We are investigating a problem that is affecting our Hosted Exchange environments. More information will be published as they appear.”

Thirteen minutes later Rackspace started calling it a “connectivity problem.”

“We are investigating reports of connection issues to our Exchange environments.

Users might experience an error upon accessing the Outlook Web App (Webmail) and syncing their email customer(s).”

By 6:36 AM the Rackspace updates described the ongoing issue as “connection and login issues”. Later that afternoon, at 1:54 PM, Rackspace announced they were still in the “investigation phase” of the outage, still trying to figure out what went wrong.

And they were still calling it “connectivity and login issues” in their Cloud Office environments at 4:51 PM that afternoon.

Rackspace Recommends Migrating to Microsoft 365

Four hours later Rackspace referred to the situation as a “considerable failure” and began offering their customers free Microsoft Exchange Plan 1 licenses on Microsoft 365 as a workaround until they understood the problem and could bring the system back online.

The official guidance stated:

“We experienced a considerable failure in our Hosted Exchange environment. We proactively closed down the environment to avoid any more problems while we continue work to restore service. As we continue to resolve the origin of the problem, we have an alternate solution that will re-activate your ability to send out and receive emails.

At no charge to you, we will be offering you access to Microsoft Exchange Plan 1 licenses on Microsoft 365 up until more notification.”

Rackspace Hosted Exchange Security Event

It was not until nearly 24 hours later, at 1:57 AM on December 3rd, that Rackspace officially announced that their hosted Exchange service was suffering from a security incident.

The statement further revealed that Rackspace technicians had powered down and disconnected the Exchange environment.

Rackspace published:

“After further analysis, we have figured out that this is a security occurrence.

The recognized effect is isolated to a portion of our Hosted Exchange platform. We are taking essential actions to assess and protect our environments.”

Twelve hours later that afternoon they updated the status page with more information, stating that their security team and outside experts were still working on resolving the outage.

Was Rackspace Service Affected by a Vulnerability?

Rackspace has not released details of the security incident.

A security incident typically involves a vulnerability, and there are two severe vulnerabilities currently in the wild that were patched in November 2022.

These are the two most current vulnerabilities:

  • CVE-2022-41040
    Microsoft Exchange Server Server-Side Request Forgery (SSRF) Vulnerability
    A Server-Side Request Forgery (SSRF) attack allows a hacker to read and change data on the server.
  • CVE-2022-41082
    Microsoft Exchange Server Remote Code Execution Vulnerability
    A Remote Code Execution Vulnerability is one in which an attacker is able to run malicious code on a server.

An advisory published in October 2022 described the impact of the vulnerabilities:

“A verified remote aggressor can perform SSRF attacks to intensify opportunities and execute arbitrary PowerShell code on vulnerable Microsoft Exchange servers.

As the attack is targeted against Microsoft Exchange Mail box server, the assailant can potentially gain access to other resources by means of lateral movement into Exchange and Active Directory site environments.”

The Rackspace outage updates have not indicated what the specific problem was, only that it was a security incident.

The most recent status update as of December 4th stated that the service is still down and customers are encouraged to migrate to the Microsoft 365 service.

Rackspace posted the following on December 4, 2022 at 12:37 AM:

“We continue to make progress in attending to the occurrence. The availability of your service and security of your data is of high significance.

We have actually committed extensive internal resources and engaged first-rate external know-how in our efforts to reduce unfavorable impacts to clients.”

It’s possible that the above-noted vulnerabilities are related to the security incident affecting the Rackspace Hosted Exchange service.

There has been no announcement of whether customer data has been compromised. This event is still ongoing.
