Rackspace hosted Exchange experienced a catastrophic outage commencing December 2, 2022 and is nevertheless ongoing as of 12:37 AM December 4th. Originally described as connectivity and login concerns, the direction was inevitably updated to announce that they were dealing with a stability incident.

Rackspace Hosted Exchange Challenges

The Rackspace technique went down in the early early morning several hours of December 2, 2022. Originally there was no phrase from Rackspace about what the problem was, considerably much less an ETA of when it would be resolved.

Consumers on Twitter described that Rackspace was not responding to assistance email messages.

A Rackspace customer privately messaged me in excess of social media on Friday to relate their expertise:

“All hosted Exchange clients down more than the previous 16 several hours.

Not confident how quite a few providers that is, but it is important.

They’re serving a 554 very long delay bounce so people today emailing in aren’t knowledgeable of the bounce for many hours.”

The formal Rackspace standing page available a jogging update of the outage but the original posts experienced no data other than there was an outage and it was currently being investigated.

The 1st formal update was on December 2nd at 2:49 AM:

“We are investigating an challenge that is affecting our Hosted Trade environments. More particulars will be posted as they turn out to be offered.”

13 minutes afterwards Rackspace commenced contacting it a “connectivity problem.”

“We are investigating reviews of connectivity concerns to our Exchange environments.

People may experience an mistake on accessing the Outlook World wide web App (Webmail) and syncing their email consumer(s).”

By 6:36 AM the Rackspace updates explained the ongoing challenge as “connectivity and login issues” then later on that afternoon at 1:54 PM Rackspace introduced they had been however in the “investigation phase” of the outage, still hoping to determine out what went completely wrong.

And they ended up however calling it “connectivity and login issues” in their Cloud Office environments at 4:51 PM that afternoon.

Rackspace Endorses Migrating to Microsoft 365

Four several hours later Rackspace referred to the situation as a “significant failure”and started offering their shoppers cost-free Microsoft Trade Plan 1 licenses on Microsoft 365 as a workaround right up until they comprehended the trouble and could convey the program back on-line.

The formal steerage stated:

“We experienced a substantial failure in our Hosted Exchange setting. We proactively shut down the natural environment to stay away from any even more difficulties even though we keep on work to restore service. As we proceed to operate as a result of the root cause of the concern, we have an alternate resolution that will re-activate your means to ship and acquire emails.

At no expense to you, we will be supplying you accessibility to Microsoft Trade Plan 1 licenses on Microsoft 365 right until further observe.”

Rackspace Hosted Trade Protection Incident

It was not until nearly 24 several hours afterwards at 1:57 AM on December 3rd that Rackspace formally announced that their hosted Trade assistance was suffering from a protection incident.

The announcement additional revealed that the Rackspace professionals experienced powered down and disconnected the Exchange atmosphere.

Rackspace posted:

“After additional analysis, we have identified that this is a safety incident.

The regarded impression is isolated to a part of our Hosted Trade platform. We are having vital steps to examine and secure our environments.”

Twelve hours later on that afternoon they current the position web page with more information that their stability staff and outside the house gurus were being nonetheless doing work on resolving the outage.

Was Rackspace Assistance Influenced by a Vulnerability?

Rackspace has not launched particulars of the safety event.

A security function generally involves a vulnerability and there are two critical vulnerabilities currently in the wile that were being patched in November 2022.

These are the two most current vulnerabilities:

  • CVE-2022-41040
    Microsoft Exchange Server Server-Side Request Forgery (SSRF) Vulnerability
    A Server Aspect Ask for Forgery (SSRF) attack permits a hacker to browse and adjust information on the server.
  • CVE-2022-41082
    Microsoft Exchange Server Remote Code Execution Vulnerability
    A Distant Code Execution Vulnerability is just one in which an attacker is able to run destructive code on a server.

An advisory revealed in October 2022 described the effect of the vulnerabilities:

“An authenticated remote attacker can execute SSRF assaults to escalate privileges and execute arbtirary PowerShell code on vulnerable Microsoft Exchange servers.

As the attack is specific in opposition to Microsoft Exchange Mailbox server, the attacker can most likely attain obtain to other sources by means of lateral motion into Exchange and Active Listing environments.”

The Rackspace outage updates have not indicated what the precise problem was, only that it was a safety incident.

The most latest standing update as of December 4th said that the provider is even now down and shoppers are inspired to migrate to the Microsoft 365 provider.

Rackspace posted the following on December 4, 2022 at 12:37 AM:

“We keep on to make development in addressing the incident. The availability of your service and security of your knowledge is of superior significance.

We have dedicated substantial inside methods and engaged earth-course external expertise in our initiatives to lessen damaging impacts to shoppers.”

It’s feasible that the over mentioned vulnerabilities are linked to the security incident influencing the Rackspace Hosted Trade provider.

There has been no announcement of no matter if client facts has been compromised. This function is still ongoing.

Highlighted picture by Shutterstock/Orn Rin


Resource backlink