Rackspace Hosted Exchange Outage Due to Security Incident


Rackspace hosted Exchange suffered a disastrous outage beginning December 2, 2022, which is still ongoing as of 12:37 AM on December 4. Initially described as connection and login issues, the guidance was eventually updated to announce that they were dealing with a security incident.

Rackspace Hosted Exchange Issues

The Rackspace system went down in the early morning hours of December 2, 2022. Initially there was no word from Rackspace about what the issue was, much less an ETA for when it would be resolved.

Customers on Twitter reported that Rackspace was not responding to support emails.

A Rackspace client privately messaged me over social networks on Friday to relate their experience:

“All hosted Exchange customers down over the past 16 hours.

Not sure how many companies that is, but it’s substantial.

They’re serving a 554 long delay bounce so individuals emailing in aren’t knowledgeable about the bounce for a number of hours.”

The main Rackspace status page carried running updates on the outage, but the initial posts had no details other than that there was an outage and it was being investigated.

The very first official update was on December 2nd at 2:49 AM:

“We are investigating an issue that is affecting our Hosted Exchange environments. More information will be published as it becomes available.”

Thirteen minutes later Rackspace started calling it a “connectivity issue.”

“We are examining reports of connectivity concerns to our Exchange environments.

Users may experience a mistake upon accessing the Outlook Web App (Webmail) and syncing their e-mail client(s).”

By 6:36 AM the Rackspace updates described the ongoing issue as “connectivity and login concerns,” and later that afternoon, at 1:54 PM, Rackspace announced they were still in the “examination stage” of the outage, still trying to figure out what had failed.

And they were still calling it “connection and login concerns” in their Cloud Workplace environments at 4:51 PM that afternoon.

Rackspace Recommends Migrating to Microsoft 365

Four hours later Rackspace referred to the situation as a “substantial failure” and started offering their customers complimentary Microsoft Exchange Plan 1 licenses on Microsoft 365 as a workaround until they understood the issue and could bring the system back online.

The guidance stated:

“We experienced a considerable failure in our Hosted Exchange environment. We proactively closed down the environment to avoid any additional concerns while we continue work to bring back service. As we continue to work through the root cause of the issue, we have an alternate solution that will re-activate your ability to send and receive e-mails.

At no charge to you, we will be providing you access to Microsoft Exchange Plan 1 licenses on Microsoft 365 until further notice.”

Rackspace Hosted Exchange Security Incident

It was not until nearly 24 hours later, at 1:57 AM on December 3rd, that Rackspace officially announced that their hosted Exchange service was suffering from a security incident.

The statement further revealed that Rackspace technicians had powered down and disconnected the Exchange environment.

Rackspace posted:

“After more analysis, we have actually determined that this is a security event.

The known impact is separated to a part of our Hosted Exchange platform. We are taking needed actions to examine and protect our environments.”

Twelve hours later, that afternoon, they updated the status page with more details, stating that their security team and outside experts were still working on resolving the outage.

Was Rackspace Service Impacted by a Vulnerability?

Rackspace has not released details of the security incident.

A security incident usually involves a vulnerability, and there are two severe vulnerabilities currently in the wild that were patched in November 2022.

These are the two most current vulnerabilities:

  • CVE-2022-41040
    Microsoft Exchange Server Server-Side Request Forgery (SSRF) Vulnerability
    A Server-Side Request Forgery (SSRF) attack enables an attacker to read and change data on the server.
  • CVE-2022-41082
    Microsoft Exchange Server Remote Code Execution Vulnerability
    A Remote Code Execution Vulnerability is one in which an attacker is able to run malicious code on a server.

An advisory released in October 2022 described the impact of the vulnerabilities:

“An authenticated remote attacker can carry out SSRF attacks to escalate privileges and execute arbitrary PowerShell code on vulnerable Microsoft Exchange servers.

As the attack is targeted against Microsoft Exchange Mailbox server, the attacker can potentially gain access to other resources through lateral movement into Exchange and Active Directory environments.”

The Rackspace outage updates have not indicated what the specific issue was, only that it was a security incident.

The most recent status update as of December 4th stated that the service is still down and customers are encouraged to migrate to the Microsoft 365 service.

Rackspace posted the following on December 4, 2022 at 12:37 AM:

“We continue to make progress in attending to the occurrence. The availability of your service and security of your information is of high importance.

We have committed substantial internal resources and engaged first-rate external know-how in our efforts to reduce unfavorable effects to clients.”

It’s possible that the vulnerabilities noted above are related to the security incident affecting the Rackspace Hosted Exchange service.

There has been no announcement of whether customer information has been compromised. This event is still ongoing.
