Rackspace Hosted Exchange Outage Due to Security Event

Rackspace Hosted Exchange suffered a catastrophic outage that began on December 2, 2022 and is still ongoing as of 12:37 AM on December 4. Initially described as connectivity and login issues, the guidance was eventually updated to reveal that Rackspace was dealing with a security incident.

Rackspace Hosted Exchange Issues

The Rackspace system went down in the morning hours of December 2, 2022. At first there was no word from Rackspace about what the problem was, much less an ETA of when it would be solved.

Customers on Twitter reported that Rackspace was not responding to support emails.

A Rackspace customer independently messaged me over social media on Friday to relate their experience:

“All hosted Exchange customers down over the past 16 hours.

Uncertain how many companies that is, however it’s significant.

They’re serving a 554 long hold-up bounce so individuals emailing in aren’t knowledgeable about the bounce for several hours.”

The official Rackspace status page offered a running update of the outage, but the initial posts had no information other than that there was an outage and it was being investigated.

The first official update was on December 2 at 2:49 AM:

“We are examining a problem that is impacting our Hosted Exchange environments. More information will be posted as they appear.”

Thirteen minutes later Rackspace started calling it a “connection issue.”

“We are investigating reports of connection issues to our Exchange environments.

Users may experience a mistake upon accessing the Outlook Web App (Webmail) and syncing their email customer(s).”

By 6:36 AM the Rackspace updates described the ongoing issue as “connection and login concerns.” Later that afternoon, at 1:54 PM, Rackspace said they were still in the “investigation stage” of the outage, still trying to find out what went wrong.

And they were still calling it “connectivity and login concerns” in their Cloud Office environments at 4:51 PM that afternoon.

Rackspace Recommends Moving to Microsoft 365

Four hours later Rackspace described the situation as a “significant failure” and began offering their customers free Microsoft Exchange Plan 1 licenses on Microsoft 365 as a workaround until they understood the problem and could bring the system back online.

The official guidance stated:

“We experienced a considerable failure in our Hosted Exchange environment. We proactively closed down the environment to avoid any more concerns while we continue work to bring back service. As we continue to overcome the origin of the problem, we have an alternate option that will re-activate your ability to send out and receive emails.

At no charge to you, we will be supplying you access to Microsoft Exchange Plan 1 licenses on Microsoft 365 till further notice.”

Rackspace Hosted Exchange Security Incident

It was not until nearly 24 hours later at 1:57 AM on December 3rd that Rackspace officially revealed that their hosted Exchange service was suffering from a security event.

The announcement further revealed that Rackspace technicians had powered down and disconnected the Exchange environment.

Rackspace posted:

“After more analysis, we have identified that this is a security incident.

The known impact is isolated to a part of our Hosted Exchange platform. We are taking needed actions to evaluate and secure our environments.”

Twelve hours later, that afternoon, they updated the status page with more information: their security team and outside experts were still working on resolving the outage.

Was Rackspace Service Affected by a Vulnerability?

Rackspace has not released details of the security event.

A security event typically involves a vulnerability, and there are two severe vulnerabilities currently in the wild that were patched in November 2022.

These are the two most current vulnerabilities:

  • CVE-2022-41040
    Microsoft Exchange Server Server-Side Request Forgery (SSRF) Vulnerability
    A Server-Side Request Forgery (SSRF) attack allows an attacker to read and change data on the server.
  • CVE-2022-41082
    Microsoft Exchange Server Remote Code Execution Vulnerability
    A Remote Code Execution vulnerability is one in which an attacker is able to run malicious code on a server.

An advisory published in October 2022 described the impact of the vulnerabilities:

“A validated remote attacker can perform SSRF attacks to escalate advantages and execute arbitrary PowerShell code on vulnerable Microsoft Exchange servers.

As the attack is targeted versus Microsoft Exchange Mailbox server, the aggressor can potentially get to other resources via lateral motion into Exchange and Active Directory environments.”

The Rackspace outage updates have not indicated what the specific problem was, only that it was a security incident.

The most current status update as of December 4 stated that the service is still down and customers are encouraged to move to the Microsoft 365 service.

Rackspace published the following on December 4, 2022 at 12:37 AM:

“We continue to make development in addressing the event. The schedule of your service and security of your data is of high value.

We have dedicated comprehensive internal resources and engaged first-rate external expertise in our efforts to minimize negative effects to consumers.”

It’s possible that the vulnerabilities noted above are related to the security incident affecting the Rackspace Hosted Exchange service.

There has been no announcement of whether customer information has been compromised. This event is still ongoing.
