Rackspace Hosted Exchange Failure Due to Security Event


Rackspace Hosted Exchange suffered a catastrophic outage beginning December 2, 2022, which was still ongoing as of 12:37 AM on December 4th. Initially described as connectivity and login concerns, the guidance was ultimately updated to reveal that Rackspace was dealing with a security incident.

Rackspace Hosted Exchange Issues

The Rackspace system went down in the morning hours of December 2, 2022. At first there was no word from Rackspace about what the issue was, much less an ETA of when it would be resolved.

Customers on Twitter reported that Rackspace was not responding to support emails.

A Rackspace customer independently messaged me over social media on Friday to relate their experience:

“All hosted Exchange clients down over the previous 16 hours.

Unsure how many businesses that is, however it’s considerable.

They’re serving a 554 long delay bounce so individuals emailing in aren’t familiar with the bounce for a number of hours.”

The official Rackspace status page provided running updates on the outage, but the initial posts had no details other than that there was an outage and it was being investigated.

The first official update was posted on December 2nd at 2:49 AM:

“We are examining a problem that is affecting our Hosted Exchange environments. More information will be posted as it becomes available.”

Thirteen minutes later, Rackspace began calling it a “connection problem.”

“We are investigating reports of connectivity problems to our Exchange environments.

Users might experience an error upon accessing the Outlook Web App (Webmail) and syncing their e-mail customer(s).”

By 6:36 AM, the Rackspace updates described the ongoing problem as “connectivity and login concerns.” Later that afternoon, at 1:54 PM, Rackspace said they were still in the “examination phase” of the outage, still trying to determine what went wrong.

And they were still calling it “connectivity and login concerns” in their Cloud Workplace environments at 4:51 PM that afternoon.

Rackspace Recommends Moving to Microsoft 365

Four hours later, Rackspace described the situation as a “significant failure” and began offering their customers free Microsoft Exchange Plan 1 licenses on Microsoft 365 as a workaround until they understood the problem and could bring the system back online.

The official guidance stated:

“We experienced a substantial failure in our Hosted Exchange environment. We proactively closed down the environment to prevent any more issues while we continue work to restore service. As we continue to resolve the source of the problem, we have an alternate solution that will re-activate your ability to send out and receive e-mails.

At no cost to you, we will be supplying you access to Microsoft Exchange Plan 1 licenses on Microsoft 365 up until further notice.”

Rackspace Hosted Exchange Security Event

It was not until nearly 24 hours later, at 1:57 AM on December 3rd, that Rackspace officially revealed that their Hosted Exchange service was suffering from a security incident.

The announcement further revealed that the Rackspace professionals had powered down and disconnected the Exchange environment.

Rackspace published:

“After further analysis, we have actually figured out that this is a security occurrence.

The known impact is isolated to a portion of our Hosted Exchange platform. We are taking essential actions to examine and secure our environments.”

Twelve hours later, that afternoon, they updated the status page with more information, stating that their security team and outside experts were still working on resolving the outage.

Was Rackspace Service Affected by a Vulnerability?

Rackspace has not released details of the security event.

A security event generally involves a vulnerability, and there are two severe vulnerabilities currently in the wild that were patched in November 2022.

These are the two most recent vulnerabilities:

  • CVE-2022-41040
    Microsoft Exchange Server Server-Side Request Forgery (SSRF) Vulnerability
    A Server-Side Request Forgery (SSRF) attack allows an attacker to read and change data on the server.
  • CVE-2022-41082
    Microsoft Exchange Server Remote Code Execution Vulnerability
    A Remote Code Execution vulnerability is one in which an attacker is able to run malicious code on a server.

An advisory published in October 2022 described the impact of the vulnerabilities:

“A validated remote assailant can carry out SSRF attacks to intensify advantages and perform arbitrary PowerShell code on vulnerable Microsoft Exchange servers.

As the attack is targeted versus Microsoft Exchange Mailbox server, the assailant can possibly gain access to other resources through lateral movement into Exchange and Active Directory environments.”

The Rackspace outage updates have not indicated what the specific problem was, only that it was a security event.

The most recent status update, as of December 4th, stated that the service is still down and customers are encouraged to migrate to the Microsoft 365 service.

Rackspace published the following on December 4, 2022 at 12:37 AM:

“We continue to make progress in attending to the event. The schedule of your service and security of your information is of high significance.

We have actually dedicated extensive internal resources and engaged first-rate external expertise in our efforts to reduce negative effects to clients.”

It’s possible that the vulnerabilities noted above are related to the security incident affecting the Rackspace Hosted Exchange service.

There has been no announcement of whether customer information has been compromised. This event is still ongoing.
