Rackspace Hosted Exchange Outage Due to Security Incident

Rackspace Hosted Exchange suffered a disastrous failure starting December 2, 2022, and the outage is still ongoing as of 12:37 AM on December 4th. Initially described as connectivity and login issues, the guidance was eventually updated to announce that they were dealing with a security incident.

Rackspace Hosted Exchange Issues

The Rackspace system went down in the early morning hours of December 2, 2022. Initially there was no word from Rackspace about what the issue was, much less an ETA of when it would be resolved.

Customers on Twitter reported that Rackspace was not responding to support emails.

A Rackspace customer independently messaged me on social media on Friday to relate their experience:

“All hosted Exchange clients down over the past 16 hours.

Not sure how many companies that is, but it’s considerable.

They’re serving a 554 long hold-up bounce so people emailing in aren’t familiar with the bounce for numerous hours.”

The official Rackspace status page offered running updates on the outage, but the initial posts had no details other than that there was an outage and it was being investigated.

The first official update was on December 2nd at 2:49 AM:

“We are examining a concern that is affecting our Hosted Exchange environments. More details will be published as they become available.”

Thirteen minutes later Rackspace started calling it a “connection concern.”

“We are investigating reports of connectivity issues to our Exchange environments.

Users may experience a mistake upon accessing the Outlook Web App (Webmail) and syncing their email client(s).”

By 6:36 AM the Rackspace updates described the ongoing problem as “connectivity and login concerns”; later that afternoon, at 1:54 PM, Rackspace said they were still in the “examination stage” of the failure, still trying to determine what went wrong.

And they were still calling it “connectivity and login problems” in their Cloud Office environments at 4:51 PM that afternoon.

Rackspace Recommends Migrating to Microsoft 365

Four hours later, Rackspace referred to the situation as a “considerable failure” and began providing their customers free Microsoft Exchange Strategy 1 licenses on Microsoft 365 as a workaround until they understood the issue and could bring the system back online.

The official guidance stated:

“We experienced a significant failure in our Hosted Exchange environment. We proactively closed down the environment to avoid any additional problems while we continue work to restore service. As we continue to work through the source of the concern, we have an alternate solution that will re-activate your capability to send and get e-mails.

At no charge to you, we will be providing you access to Microsoft Exchange Strategy 1 licenses on Microsoft 365 until further notification.”

Rackspace Hosted Exchange Security Event

It was not until nearly 24 hours later, at 1:57 AM on December 3rd, that Rackspace officially announced that their Hosted Exchange service was experiencing a security incident.

The statement further revealed that the Rackspace specialists had powered down and disconnected the Exchange environment.

Rackspace posted:

“After additional analysis, we have identified that this is a security incident.

The known effect is separated to a part of our Hosted Exchange platform. We are taking needed actions to examine and secure our environments.”

Twelve hours later, that afternoon, they updated the status page with more information: their security team and outside experts were still working on resolving the outage.

Was Rackspace Service Affected by a Vulnerability?

Rackspace has not released details of the security incident.

A security incident typically involves a vulnerability, and there are two severe vulnerabilities currently in the wild that were patched in November 2022.

These are the two most recent vulnerabilities:

  • CVE-2022-41040
    Microsoft Exchange Server Server-Side Request Forgery (SSRF) Vulnerability
    A Server-Side Request Forgery (SSRF) attack enables an attacker to read and change data on the server.
  • CVE-2022-41082
    Microsoft Exchange Server Remote Code Execution Vulnerability
    A Remote Code Execution vulnerability is one in which an attacker is able to run malicious code on a server.

An advisory published in October 2022 explained the impact of the vulnerabilities:

“A confirmed remote attacker can carry out SSRF attacks to escalate advantages and carry out arbitrary PowerShell code on susceptible Microsoft Exchange servers.

As the attack is targeted against Microsoft Exchange Mailbox server, the attacker can potentially get to other resources by means of lateral movement into Exchange and Active Directory site environments.”

The Rackspace outage updates have not indicated what the specific problem was, only that it was a security incident.

The most recent status update, as of December 4th, stated that the service is still down and customers are encouraged to move to the Microsoft 365 service.

Rackspace posted the following on December 4, 2022 at 12:37 AM:

“We continue to make development in addressing the event. The availability of your service and security of your information is of high value.

We have committed extensive internal resources and engaged world-class external expertise in our efforts to decrease negative effects to clients.”

It’s possible that the vulnerabilities noted above are related to the security incident affecting the Rackspace Hosted Exchange service.

There has been no announcement of whether customer information has been compromised. This incident is still ongoing.
