Rackspace hosted Exchange suffered a catastrophic interruption beginning December 2, 2022 and is still ongoing since 12:37 AM December fourth. At first described as connectivity and login concerns, the guidance was ultimately updated to reveal that they were dealing with a security event.
Rackspace Hosted Exchange Issues
The Rackspace system went down in the morning hours of December 2, 2022. Initially there was no word from Rackspace about what the problem was, much less an ETA of when it would be dealt with.
Consumers on Buy Twitter Verified reported that Rackspace was not reacting to support e-mails.
This has been rather the day with #Rackspace. Every hosted exchange client has actually been down for 14 hours approximately. Assistance isn’t reading/responding to tickets. Updates are unhelpful.
I am concerned now that they came down with something bad like the ProxyNotShell PoC hack. https://t.co/jchKsAO3Z7
— Joe Sinkwitz (@CygnusSEO) December 2, 2022
A Rackspace client privately messaged me over social media on Friday to relate their experience:
“All hosted Exchange clients down over the past 16 hours.
Uncertain how many business that is, however it’s significant.
They’re serving a 554 long delay bounce so individuals emailing in aren’t familiar with the bounce for a number of hours.”
The official Rackspace status page provided a running update of the blackout but the initial posts had no info other than there was an outage and it was being investigated.
The first official update was on December 2nd at 2:49 AM:
“We are examining a problem that is affecting our Hosted Exchange environments. More information will be published as they become available.”
Thirteen minutes later Rackspace began calling it a “connectivity problem.”
“We are investigating reports of connection concerns to our Exchange environments.
Users might experience a mistake upon accessing the Outlook Web App (Webmail) and syncing their e-mail client(s).”
By 6:36 AM the Rackspace updates described the ongoing issue as “connection and login issues” then later on that afternoon at 1:54 PM Rackspace revealed they were still in the “examination phase” of the failure, still trying to find out what went wrong.
And they were still calling it “connectivity and login issues” in their Cloud Office environments at 4:51 PM that afternoon.
Rackspace Recommends Moving to Microsoft 365
Four hours later on Rackspace referred to the circumstance as a “substantial failure”and began using their customers free Microsoft Exchange Strategy 1 licenses on Microsoft 365 as a workaround till they comprehended the problem and could bring the system back online.
The official assistance specified:
“We experienced a substantial failure in our Hosted Exchange environment. We proactively closed down the environment to avoid any more problems while we continue work to restore service. As we continue to resolve the origin of the concern, we have an alternate solution that will re-activate your ability to send and receive emails.
At no cost to you, we will be supplying you access to Microsoft Exchange Strategy 1 licenses on Microsoft 365 up until more notice.”
Rackspace Hosted Exchange Security Event
It was not up until almost 24 hr later on at 1:57 AM on December 3rd that Rackspace officially announced that their hosted Exchange service was suffering from a security occurrence.
The announcement even more revealed that the Rackspace professionals had actually powered down and disconnected the Exchange environment.
“After more analysis, we have actually identified that this is a security event.
The recognized effect is isolated to a part of our Hosted Exchange platform. We are taking necessary actions to assess and protect our environments.”
Twelve hours later on that afternoon they updated the status page with more details that their security team and outdoors experts were still dealing with resolving the blackout.
Was Rackspace Service Affected by a Vulnerability?
Rackspace has not launched information of the security occasion.
A security occasion generally includes a vulnerability and there are two extreme vulnerabilities currently in the wile that were covered in November 2022.
These are the two most current vulnerabilities:
Microsoft Exchange Server Server-Side Request Forgery (SSRF) Vulnerability
A Server Side Demand Forgery (SSRF) attack enables a hacker to read and alter information on the server.
Microsoft Exchange Server Remote Code Execution Vulnerability
A Remote Code Execution Vulnerability is one in which an enemy is able to run harmful code on a server.
An advisory published in October 2022 described the effect of the vulnerabilities:
“An authenticated remote assailant can perform SSRF attacks to escalate benefits and carry out arbtirary PowerShell code on susceptible Microsoft Exchange servers.
As the attack is targeted versus Microsoft Exchange Mailbox server, the opponent can potentially access to other resources by means of lateral motion into Exchange and Active Directory environments.”
The Rackspace interruption updates have not shown what the particular problem was, just that it was a security occurrence.
The most current status upgrade since December fourth mentioned that the service is still down and consumers are encouraged to migrate to the Microsoft 365 service.
Rackspace published the following on December 4, 2022 at 12:37 AM:
“We continue to make development in attending to the incident. The schedule of your service and security of your data is of high value.
We have actually devoted extensive internal resources and engaged world-class external knowledge in our efforts to minimize negative impacts to customers.”
It’s possible that the above noted vulnerabilities belong to the security occurrence impacting the Rackspace Hosted Exchange service.
There has been no announcement of whether consumer info has actually been jeopardized. This event is still continuous.
Included image by Best SMM Panel/Orn Rin