Rackspace Hosted Exchange Outage Due to Security Incident


Rackspace Hosted Exchange suffered a catastrophic outage beginning December 2, 2022, and it was still ongoing as of 12:37 AM on December 4th. Initially described as connectivity and login issues, the guidance was eventually updated to announce that they were handling a security incident.

Rackspace Hosted Exchange Issues

The Rackspace system went down in the morning hours of December 2, 2022. Initially there was no word from Rackspace about what the problem was, much less an ETA of when it would be fixed.

Customers on Twitter reported that Rackspace was not responding to support emails.

A Rackspace consumer independently messaged me over social networks on Friday to relate their experience:

“All hosted Exchange customers down over the past 16 hours.

Not exactly sure how many companies that is, but it’s significant.

They’re serving a 554 long delay bounce so individuals emailing in aren’t familiar with the bounce for a number of hours.”

The official Rackspace status page provided running updates on the outage, but the initial posts had no details other than that there was an outage and it was being investigated.

The first official update was on December 2nd at 2:49 AM:

“We are examining an issue that is impacting our Hosted Exchange environments. More information will be published as it appears.”

Thirteen minutes later, Rackspace started calling it a “connection problem.”

“We are investigating reports of connection issues to our Exchange environments.

Users may experience a mistake upon accessing the Outlook Web App (Webmail) and syncing their email customer(s).”

By 6:36 AM the Rackspace updates described the ongoing problem as “connection and login issues.” Later that afternoon, at 1:54 PM, Rackspace announced they were still in the “investigation phase” of the outage, still attempting to figure out what went wrong.

And they were still calling it “connection and login problems” in their Cloud Office environments at 4:51 PM that afternoon.

Rackspace Recommends Moving to Microsoft 365

Four hours later, Rackspace described the situation as a “considerable failure” and began offering their customers free Microsoft Exchange Plan 1 licenses on Microsoft 365 as a workaround until they understood the problem and could bring the system back online.

The official guidance stated:

“We experienced a substantial failure in our Hosted Exchange environment. We proactively closed down the environment to avoid any additional issues while we continue work to bring back service. As we continue to overcome the origin of the concern, we have an alternate option that will re-activate your ability to send out and get e-mails.

At no cost to you, we will be providing you access to Microsoft Exchange Plan 1 licenses on Microsoft 365 until further notice.”

Rackspace Hosted Exchange Security Incident

It was not until nearly 24 hours later, at 1:57 AM on December 3rd, that Rackspace formally acknowledged that their Hosted Exchange service was experiencing a security incident.

The statement further revealed that the Rackspace specialists had powered down and disconnected the Exchange environment.

Rackspace posted:

“After more analysis, we have actually determined that this is a security occurrence.

The known effect is isolated to a part of our Hosted Exchange platform. We are taking essential actions to assess and protect our environments.”

Twelve hours later, that afternoon, they updated the status page with more details, saying that their security team and outside experts were still working on resolving the outage.

Was Rackspace Service Impacted by a Vulnerability?

Rackspace has not released details of the security incident.

A security incident typically involves a vulnerability, and there are two severe vulnerabilities currently in the wild that were patched in November 2022.

These are the two most recent vulnerabilities:

  • CVE-2022-41040
    Microsoft Exchange Server Server-Side Request Forgery (SSRF) Vulnerability
    A Server-Side Request Forgery (SSRF) attack allows an attacker to read and change data on the server.
  • CVE-2022-41082
    Microsoft Exchange Server Remote Code Execution Vulnerability
    A Remote Code Execution vulnerability is one in which an attacker is able to run malicious code on a server.

An advisory released in October 2022 described the impact of the vulnerabilities:

“A verified remote enemy can perform SSRF attacks to intensify opportunities and perform arbitrary PowerShell code on susceptible Microsoft Exchange servers.

As the attack is targeted against Microsoft Exchange Mail box server, the enemy can potentially gain access to other resources through lateral movement into Exchange and Active Directory site environments.”

The Rackspace outage updates have not indicated what the specific problem was, only that it was a security incident.

The most recent status update as of December 4th stated that the service is still down and customers are encouraged to move to the Microsoft 365 service.

Rackspace posted the following on December 4, 2022 at 12:37 AM:

“We continue to make progress in dealing with the incident. The availability of your service and security of your information is of high importance.

We have actually dedicated substantial internal resources and engaged world-class external proficiency in our efforts to minimize unfavorable impacts to clients.”

It’s possible that the vulnerabilities noted above are related to the security incident affecting the Rackspace Hosted Exchange service.

There has been no announcement of whether customer information has been compromised. This incident is still ongoing.
