Rackspace Hosted Exchange Failure Fee to Security Event

Posted by

Rackspace hosted Exchange suffered a disastrous interruption beginning December 2, 2022 and is still ongoing as of 12:37 AM December fourth. Initially described as connection and login problems, the assistance was ultimately upgraded to announce that they were dealing with a security incident.

Rackspace Hosted Exchange Issues

The Rackspace system went down in the early morning hours of December 2, 2022. At first there was no word from Rackspace about what the issue was, much less an ETA of when it would be resolved.

Customers on Buy Twitter Verified reported that Rackspace was not reacting to support e-mails.

A Rackspace client privately messaged me over social networks on Friday to relate their experience:

“All hosted Exchange clients down over the past 16 hours.

Not exactly sure how many business that is, but it’s considerable.

They’re serving a 554 long delay bounce so people emailing in aren’t aware of the bounce for numerous hours.”

The official Rackspace status page offered a running upgrade of the outage but the preliminary posts had no information other than there was a blackout and it was being investigated.

The very first authorities upgrade was on December 2nd at 2:49 AM:

“We are investigating a problem that is affecting our Hosted Exchange environments. More information will be published as they appear.”

Thirteen minutes later Rackspace began calling it a “connection concern.”

“We are investigating reports of connectivity problems to our Exchange environments.

Users might experience a mistake upon accessing the Outlook Web App (Webmail) and syncing their e-mail customer(s).”

By 6:36 AM the Rackspace updates described the ongoing issue as “connectivity and login issues” then later on that afternoon at 1:54 PM Rackspace revealed they were still in the “investigation phase” of the outage, still trying to find out what failed.

And they were still calling it “connectivity and login issues” in their Cloud Office environments at 4:51 PM that afternoon.

Rackspace Recommends Migrating to Microsoft 365

Four hours later Rackspace referred to the circumstance as a “substantial failure”and began providing their clients totally free Microsoft Exchange Strategy 1 licenses on Microsoft 365 as a workaround up until they comprehended the problem and might bring the system back online.

The main guidance specified:

“We experienced a significant failure in our Hosted Exchange environment. We proactively shut down the environment to avoid any further problems while we continue work to restore service. As we continue to resolve the root cause of the issue, we have an alternate option that will re-activate your ability to send out and receive e-mails.

At no charge to you, we will be providing you access to Microsoft Exchange Strategy 1 licenses on Microsoft 365 till further notice.”

Rackspace Hosted Exchange Security Occurrence

It was not until almost 24 hr later on at 1:57 AM on December 3rd that Rackspace officially announced that their hosted Exchange service was experiencing a security event.

The announcement even more exposed that the Rackspace specialists had actually powered down and detached the Exchange environment.

Rackspace posted:

“After more analysis, we have determined that this is a security event.

The known impact is separated to a part of our Hosted Exchange platform. We are taking needed actions to assess and protect our environments.”

Twelve hours later on that afternoon they updated the status page with more information that their security group and outdoors specialists were still dealing with fixing the blackout.

Was Rackspace Service Impacted by a Vulnerability?

Rackspace has not released details of the security occasion.

A security event usually involves a vulnerability and there are 2 extreme vulnerabilities presently in the wile that were patched in November 2022.

These are the two most current vulnerabilities:

  • CVE-2022-41040
    Microsoft Exchange Server Server-Side Demand Forgery (SSRF) Vulnerability
    A Server Side Request Forgery (SSRF) attack allows a hacker to read and change data on the server.
  • CVE-2022-41082
    Microsoft Exchange Server Remote Code Execution Vulnerability
    A Remote Code Execution Vulnerability is one in which an assaulter has the ability to run destructive code on a server.

An advisory released in October 2022 explained the impact of the vulnerabilities:

“A verified remote aggressor can carry out SSRF attacks to escalate benefits and perform arbtirary PowerShell code on susceptible Microsoft Exchange servers.

As the attack is targeted against Microsoft Exchange Mail box server, the assailant can possibly get to other resources by means of lateral motion into Exchange and Active Directory site environments.”

The Rackspace failure updates have actually not shown what the particular problem was, only that it was a security event.

The most current status update since December 4th specified that the service is still down and customers are motivated to move to the Microsoft 365 service.

Rackspace published the following on December 4, 2022 at 12:37 AM:

“We continue to make progress in dealing with the occurrence. The schedule of your service and security of your data is of high significance.

We have actually devoted substantial internal resources and engaged first-rate external competence in our efforts to minimize negative impacts to customers.”

It’s possible that the above kept in mind vulnerabilities belong to the security occurrence impacting the Rackspace Hosted Exchange service.

There has actually been no announcement of whether client information has been jeopardized. This event is still ongoing.

Included image by Best SMM Panel/Orn Rin