Rackspace Hosted Exchange Interruption Due to Security Incident

Rackspace Hosted Exchange suffered a catastrophic failure beginning December 2, 2022, and it is still ongoing as of 12:37 AM December 4th. Initially described as connection and login problems, the status updates were eventually revised to reveal that Rackspace was handling a security incident.

Rackspace Hosted Exchange Issues

The Rackspace system went down in the early morning hours of December 2, 2022. Initially there was no word from Rackspace about what the problem was, much less an ETA of when it would be fixed.

Customers on Twitter reported that Rackspace was not responding to support emails.

A Rackspace customer privately messaged me over social media on Friday to relate their experience:

“All hosted Exchange customers down over the past 16 hours.

Uncertain the number of businesses that is, but it’s substantial.

They’re serving a 554 long hold-up bounce so individuals emailing in aren’t knowledgeable about the bounce for numerous hours.”

The official Rackspace status page provided running updates on the outage, but the initial posts had no details other than that there was an outage and it was being investigated.

The first official update was on December 2nd at 2:49 AM:

“We are examining an issue that is impacting our Hosted Exchange environments. More information will be published as it becomes available.”

Thirteen minutes later, Rackspace began calling it a “connection issue.”

“We are examining reports of connection concerns to our Exchange environments.

Users may experience a mistake upon accessing the Outlook Web App (Webmail) and syncing their email client(s).”

By 6:36 AM the Rackspace updates described the ongoing problem as “connection and login concerns.” Later that afternoon, at 1:54 PM, Rackspace revealed they were still in the “investigation phase” of the failure, still trying to determine what went wrong.

And they were still calling it “connection and login issues” in their Cloud Workplace environments at 4:51 PM that afternoon.

Rackspace Recommends Moving to Microsoft 365

Four hours later, Rackspace described the situation as a “considerable failure” and began offering their customers free Microsoft Exchange Plan 1 licenses on Microsoft 365 as a workaround until they understood the issue and could bring the system back online.

The official guidance stated:

“We experienced a significant failure in our Hosted Exchange environment. We proactively closed down the environment to prevent any additional problems while we continue work to restore service. As we continue to resolve the root cause of the concern, we have an alternate service that will re-activate your capability to send out and receive e-mails.

At no charge to you, we will be providing you access to Microsoft Exchange Plan 1 licenses on Microsoft 365 up until further notification.”

Rackspace Hosted Exchange Security Incident

It was not until nearly 24 hours later, at 1:57 AM on December 3rd, that Rackspace formally announced that their Hosted Exchange service was suffering from a security incident.

The announcement further revealed that the Rackspace technicians had powered down and disconnected the Exchange environment.

Rackspace posted:

“After further analysis, we have identified that this is a security incident.

The recognized effect is separated to a portion of our Hosted Exchange platform. We are taking required actions to assess and safeguard our environments.”

Twelve hours later, that afternoon, they updated the status page with more information: their security team and outside experts were still working on resolving the failure.

Was Rackspace Service Impacted by a Vulnerability?

Rackspace has not released details of the security incident.

A security incident typically involves a vulnerability, and there are two serious vulnerabilities currently in the wild that were patched in November 2022.

These are the two most recent vulnerabilities:

  • CVE-2022-41040
    Microsoft Exchange Server Server-Side Request Forgery (SSRF) Vulnerability
    A Server Side Request Forgery (SSRF) attack allows a hacker to read and change data on the server.
  • CVE-2022-41082
    Microsoft Exchange Server Remote Code Execution Vulnerability
    A Remote Code Execution Vulnerability is one in which an attacker is able to run harmful code on a server.

An advisory published in October 2022 described the impact of the vulnerabilities:

“A confirmed remote assaulter can carry out SSRF attacks to escalate opportunities and perform arbitrary PowerShell code on vulnerable Microsoft Exchange servers.

As the attack is targeted against Microsoft Exchange Mailbox server, the assailant can possibly get to other resources via lateral movement into Exchange and Active Directory site environments.”

The Rackspace outage updates have not indicated what the specific problem was, only that it was a security incident.

The most recent status update as of December 4th stated that the service is still down and customers are encouraged to move to the Microsoft 365 service.

Rackspace published the following on December 4, 2022 at 12:37 AM:

“We continue to make development in attending to the occurrence. The accessibility of your service and security of your data is of high importance.

We have actually committed substantial internal resources and engaged first-rate external knowledge in our efforts to minimize unfavorable effects to consumers.”

It’s possible that the vulnerabilities noted above are related to the security incident affecting the Rackspace Hosted Exchange service.

There has been no statement on whether customer information has been compromised. This incident is still ongoing.
