Rackspace Hosted Exchange Outage Due to Security Incident

Rackspace Hosted Exchange suffered a devastating outage starting December 2, 2022, which was still ongoing as of 12:37 AM on December 4. Initially described as connection and login problems, the guidance was eventually updated to reveal that Rackspace was dealing with a security incident.

Rackspace Hosted Exchange Issues

The Rackspace system went down in the early morning hours of December 2, 2022. Initially there was no word from Rackspace about what the issue was, much less an ETA for when it would be resolved.

Customers on Twitter reported that Rackspace was not responding to support emails.

A Rackspace customer independently messaged me over social media on Friday to relate their experience:

“All hosted Exchange customers down over the previous 16 hours.

Uncertain how many companies that is, however it’s substantial.

They’re serving a 554 long delay bounce so people emailing in aren’t knowledgeable about the bounce for a number of hours.”

The official Rackspace status page provided running updates on the outage; however, the initial posts had no details other than that there was an outage and it was being investigated.

The first official update was on December 2nd at 2:49 AM:

“We are examining a problem that is affecting our Hosted Exchange environments. More information will be published as they appear.”

Thirteen minutes later Rackspace started calling it a “connection issue.”

“We are examining reports of connectivity problems to our Exchange environments.

Users may experience an error upon accessing the Outlook Web App (Webmail) and syncing their e-mail customer(s).”

By 6:36 AM the Rackspace updates described the ongoing issue as “connection and login concerns,” then later that afternoon at 1:54 PM Rackspace announced they were still in the “investigation phase” of the outage, still trying to determine what had failed.

And they were still calling it “connectivity and login problems” in their Cloud Workplace environments at 4:51 PM that afternoon.

Rackspace Recommends Moving to Microsoft 365

Four hours later, Rackspace described the situation as a “significant failure” and started offering their customers free Microsoft Exchange Plan 1 licenses on Microsoft 365 as a workaround until they understood the problem and could bring the system back online.

The official guidance stated:

“We experienced a considerable failure in our Hosted Exchange environment. We proactively closed down the environment to prevent any further concerns while we continue work to restore service. As we continue to work through the origin of the problem, we have an alternate solution that will re-activate your ability to send out and get e-mails.

At no cost to you, we will be providing you access to Microsoft Exchange Plan 1 licenses on Microsoft 365 until additional notice.”

Rackspace Hosted Exchange Security Incident

It was not until nearly 24 hours later, at 1:57 AM on December 3rd, that Rackspace officially announced that their Hosted Exchange service was experiencing a security incident.

The announcement further revealed that the Rackspace technicians had powered down and disconnected the Exchange environment.

Rackspace published:

“After further analysis, we have figured out that this is a security occurrence.

The known effect is separated to a part of our Hosted Exchange platform. We are taking needed actions to evaluate and secure our environments.”

Twelve hours later that afternoon they updated the status page with more information, stating that their security team and outside experts were still working on resolving the outage.

Was Rackspace Service Impacted by a Vulnerability?

Rackspace has not released details of the security incident.

A security incident usually involves a vulnerability, and there are two severe vulnerabilities currently in the wild that were patched in November 2022.

These are the two most recent vulnerabilities:

  • CVE-2022-41040
    Microsoft Exchange Server Server-Side Request Forgery (SSRF) Vulnerability
    A Server-Side Request Forgery (SSRF) attack enables an attacker to read and change data on the server.
  • CVE-2022-41082
    Microsoft Exchange Server Remote Code Execution Vulnerability
    A Remote Code Execution Vulnerability is one in which an attacker has the ability to run malicious code on a server.

An advisory published in October 2022 described the impact of the vulnerabilities:

“A confirmed remote assaulter can carry out SSRF attacks to escalate advantages and carry out arbitrary PowerShell code on susceptible Microsoft Exchange servers.

As the attack is targeted against Microsoft Exchange Mailbox server, the attacker can potentially gain access to other resources via lateral motion into Exchange and Active Directory site environments.”

The Rackspace outage updates have not indicated what the specific issue was, only that it was a security incident.

The most recent status update, as of December 4, stated that the service is still down and customers are encouraged to migrate to the Microsoft 365 service.

Rackspace posted the following on December 4, 2022 at 12:37 AM:

“We continue to make development in attending to the event. The availability of your service and security of your information is of high importance.

We have actually dedicated substantial internal resources and engaged first-rate external expertise in our efforts to minimize negative impacts to clients.”

It’s possible that the above-noted vulnerabilities are related to the security incident affecting the Rackspace Hosted Exchange service.

There has been no announcement of whether customer information has been compromised. This incident is still ongoing.
