Rackspace Hosted Exchange Outage Due to Security Incident


Rackspace hosted Exchange suffered a catastrophic outage starting December 2, 2022, which was still ongoing as of 12:37 AM on December 4th. Initially described as connectivity and login issues, the guidance was eventually updated to reveal that they were dealing with a security incident.

Rackspace Hosted Exchange Issues

The Rackspace system went down in the early morning hours of December 2, 2022. At first there was no word from Rackspace about what the problem was, much less an ETA of when it would be fixed.

Customers on Twitter reported that Rackspace was not responding to support emails.

A Rackspace consumer independently messaged me over social media on Friday to relate their experience:

“All hosted Exchange clients down over the past 16 hours.

Not sure the number of companies that is, but it’s considerable.

They’re serving a 554 long hold-up bounce so individuals emailing in aren’t knowledgeable about the bounce for several hours.”

The official Rackspace status page provided running updates on the outage, but the initial posts had no information other than that there was an outage and it was being investigated.

The very first official update was on December 2nd at 2:49 AM:

“We are investigating a problem that is impacting our Hosted Exchange environments. More details will be posted as they become available.”

Thirteen minutes later Rackspace began calling it a “connection issue.”

“We are examining reports of connection concerns to our Exchange environments.

Users may experience an error upon accessing the Outlook Web App (Webmail) and syncing their email customer(s).”

By 6:36 AM the Rackspace updates described the ongoing problem as “connection and login concerns”. Later that afternoon, at 1:54 PM, Rackspace announced they were still in the “examination stage” of the outage, still trying to determine what failed.

And they were still calling it “connectivity and login issues” in their Cloud Workplace environments at 4:51 PM that afternoon.

Rackspace Recommends Migrating to Microsoft 365

Four hours later Rackspace referred to the situation as a “substantial failure” and began offering their customers complimentary Microsoft Exchange Plan 1 licenses on Microsoft 365 as a workaround until they understood the problem and could bring the system back online.

The official guidance stated:

“We experienced a considerable failure in our Hosted Exchange environment. We proactively shut down the environment to avoid any more problems while we continue work to bring back service. As we continue to overcome the origin of the issue, we have an alternate option that will re-activate your ability to send out and receive emails.

At no charge to you, we will be supplying you access to Microsoft Exchange Strategy 1 licenses on Microsoft 365 up until additional notice.”

Rackspace Hosted Exchange Security Incident

It was not until nearly 24 hours later, at 1:57 AM on December 3rd, that Rackspace officially announced that their hosted Exchange service was suffering from a security incident.

The statement further revealed that the Rackspace technicians had powered down and disconnected the Exchange environment.

Rackspace posted:

“After more analysis, we have determined that this is a security incident.

The known effect is separated to a part of our Hosted Exchange platform. We are taking needed actions to evaluate and protect our environments.”

Twelve hours later that afternoon they updated the status page with more details, stating that their security team and outside experts were still working on resolving the outage.

Was Rackspace Service Impacted by a Vulnerability?

Rackspace has not released details of the security incident.

A security incident normally involves a vulnerability, and there are two serious vulnerabilities currently in the wild that were patched in November 2022.

These are the two most recent vulnerabilities:

  • CVE-2022-41040
    Microsoft Exchange Server Server-Side Request Forgery (SSRF) Vulnerability
    A Server-Side Request Forgery (SSRF) attack enables an attacker to read and alter data on the server.
  • CVE-2022-41082
    Microsoft Exchange Server Remote Code Execution Vulnerability
    A Remote Code Execution Vulnerability is one in which an attacker is able to run malicious code on a server.

An advisory published in October 2022 explained the impact of the vulnerabilities:

“A verified remote attacker can carry out SSRF attacks to escalate advantages and carry out arbitrary PowerShell code on vulnerable Microsoft Exchange servers.

As the attack is targeted versus Microsoft Exchange Mailbox server, the assaulter can potentially gain access to other resources by means of lateral motion into Exchange and Active Directory site environments.”

The Rackspace outage updates have not indicated what the specific issue was, only that it was a security incident.

The most recent status update as of December 4th stated that the service is still down and customers are encouraged to migrate to the Microsoft 365 service.

Rackspace posted the following on December 4, 2022 at 12:37 AM:

“We continue to make development in dealing with the event. The availability of your service and security of your data is of high value.

We have actually devoted extensive internal resources and engaged first-rate external expertise in our efforts to reduce negative impacts to clients.”

It’s possible that the above-noted vulnerabilities are related to the security incident affecting the Rackspace Hosted Exchange service.

There has been no announcement of whether customer data has been compromised. This incident is still ongoing.
