Rackspace Hosted Exchange Outage Due to Security Incident

Rackspace Hosted Exchange suffered a catastrophic outage beginning December 2, 2022, and it was still ongoing as of 12:37 AM on December 4th. Initially described as connectivity and login issues, the guidance was eventually updated to announce that they were dealing with a security incident.

Rackspace Hosted Exchange Issues

The Rackspace system went down in the morning hours of December 2, 2022. At first there was no word from Rackspace about what the issue was, much less an ETA of when it would be dealt with.

Customers on Twitter reported that Rackspace was not responding to support emails.

A Rackspace customer privately messaged me over social media on Friday to relate their experience:

“All hosted Exchange customers down over the previous 16 hours.

Not sure the number of companies that is, however it’s substantial.

They’re serving a 554 long hold-up bounce so people emailing in aren’t knowledgeable about the bounce for a number of hours.”

The official Rackspace status page provided a running update of the outage, but the initial posts had no information other than that there was an outage and it was being investigated.

The first official update was on December 2nd at 2:49 AM:

“We are examining an issue that is impacting our Hosted Exchange environments. More details will be posted as they appear.”

Thirteen minutes later Rackspace began calling it a “connectivity issue.”

“We are investigating reports of connectivity issues to our Exchange environments.

Users may experience an error upon accessing the Outlook Web App (Webmail) and syncing their email client(s).”

By 6:36 AM the Rackspace updates described the ongoing issue as “connection and login concerns.” Later that afternoon, at 1:54 PM, Rackspace announced they were still in the “investigation stage” of the outage, still trying to find out what went wrong.

And they were still calling it “connectivity and login concerns” in their Cloud Workplace environments at 4:51 PM that afternoon.

Rackspace Recommends Migrating to Microsoft 365

Four hours later Rackspace described the situation as a “substantial failure” and began offering their customers free Microsoft Exchange Plan 1 licenses on Microsoft 365 as a workaround until they understood the issue and could bring the system back online.

The official guidance stated:

“We experienced a significant failure in our Hosted Exchange environment. We proactively closed down the environment to prevent any more issues while we continue work to bring back service. As we continue to resolve the root cause of the concern, we have an alternate option that will re-activate your ability to send and receive emails.

At no cost to you, we will be supplying you access to Microsoft Exchange Strategy 1 licenses on Microsoft 365 up until more notice.”

Rackspace Hosted Exchange Security Incident

It was not until almost 24 hours later, at 1:57 AM on December 3rd, that Rackspace officially announced that their Hosted Exchange service was suffering from a security incident.

The statement further revealed that Rackspace technicians had powered down and disconnected the Exchange environment.

Rackspace published:

“After more analysis, we have actually identified that this is a security occurrence.

The recognized effect is separated to a portion of our Hosted Exchange platform. We are taking essential actions to assess and secure our environments.”

Twelve hours later, that afternoon, they updated the status page with more information: their security team and outside experts were still working on resolving the outage.

Was Rackspace Service Affected by a Vulnerability?

Rackspace has not released details of the security incident.

A security incident typically involves a vulnerability, and there are two severe vulnerabilities currently in the wild that were patched in November 2022.

These are the two most current vulnerabilities:

  • CVE-2022-41040
    Microsoft Exchange Server Server-Side Request Forgery (SSRF) Vulnerability
    A Server-Side Request Forgery (SSRF) attack allows an attacker to read and change data on the server.
  • CVE-2022-41082
    Microsoft Exchange Server Remote Code Execution Vulnerability
    A Remote Code Execution vulnerability is one in which an attacker is able to run malicious code on a server.

An advisory published in October 2022 described the impact of the vulnerabilities:

“An authenticated remote aggressor can perform SSRF attacks to escalate advantages and perform arbitrary PowerShell code on vulnerable Microsoft Exchange servers.

As the attack is targeted versus Microsoft Exchange Mail box server, the enemy can potentially access to other resources through lateral movement into Exchange and Active Directory environments.”

The Rackspace outage updates have not indicated what the specific problem was, only that it was a security incident.

The most recent status update as of December 4th stated that the service is still down and customers are encouraged to move to the Microsoft 365 service.

Rackspace published the following on December 4, 2022 at 12:37 AM:

“We continue to make progress in addressing the occurrence. The schedule of your service and security of your data is of high significance.

We have committed extensive internal resources and engaged world-class external proficiency in our efforts to lessen negative effects to customers.”

It’s possible that the above-noted vulnerabilities are related to the security incident affecting the Rackspace Hosted Exchange service.

There has been no announcement of whether customer data has been compromised. This incident is still ongoing.