Rackspace's Hosted Exchange service suffered a catastrophic outage beginning December 2, 2022, and the outage was still ongoing as of 00:37 December 4. Initially described as login and connectivity issues, the information was eventually updated to announce that they were dealing with a security incident.
Rackspace Hosted Exchange Issues
Rackspace's system went down in the early morning hours of December 2, 2022. Initially, Rackspace didn't say what the issue was, let alone give an ETA for when it would be resolved.
Customers on Twitter reported that Rackspace was not responding to support emails.
This has been quite a day with #Rackspace. Every hosted exchange client has been down for about 14 hours. Support is not reading/responding to tickets. The updates are not helpful.
Now I am worried that they may have fallen victim to something bad like the ProxyNotShell PoC hack. https://t.co/jchKsAO3Z7
— Joe Sinkwitz (@CygnusSEO) December 2, 2022
A Rackspace customer sent me a private message via social media on Friday to tell me about his experience:
“All Exchange clients hosted within the last 16 hours.
I'm not sure how many companies there are, but it's significant.
They're delivering a long delay 554 bounce, so people sending emails don't notice the bounce for several hours.”
Rackspace's official status page offered a rolling update on the outage, but initial posts had no information other than that there was an outage and that it was being investigated.
The first official update was on December 2 at 2:49 AM:
“We are investigating an issue that is affecting our Hosted Exchange environments. More details will be posted as they become available.”
Thirteen minutes later, Rackspace began calling it a “connectivity issue.”
“We are investigating reports of connectivity issues with our Exchange environments.
Users may experience an error when accessing Outlook Web App (Webmail) and synchronizing their email clients.”
At 6:36am, Rackspace updates described the ongoing issue as “login and connectivity issues” and, later that afternoon, at 1:54pm. mistaken.
And they were still calling it “login and connectivity issues” in their Cloud Office environments at 4:51 PM that afternoon.
Rackspace recommends migrating to Microsoft 365
Four hours later, Rackspace called the situation a “significant failure” and began offering customers free Microsoft Exchange Plan 1 licenses in Microsoft 365 as a workaround until they understood the issue and could get the system back up and running.
The official announcement stated:
“We experienced a significant failure in our Hosted Exchange environment. We proactively shut down the environment to prevent further issues while we continue to work to restore service. As we continue to work on the root cause of the issue, we have a workaround that will reactivate your ability to send and receive email.
At no cost to you, we will provide access to Microsoft Exchange Plan 1 licenses in Microsoft 365 until further notice.”
Rackspace Hosted Exchange security incident
It wasn't until almost 24 hours later, at 1:57 AM on December 3, that Rackspace officially announced that its Hosted Exchange service was experiencing a security incident.
The announcement further revealed that Rackspace technicians had shut down and disconnected the Exchange environment.
“After further analysis, we have determined that this is a security incident.
The known impact is isolated to a portion of our Hosted Exchange platform. We are taking the necessary steps to evaluate and protect our environments.”
Twelve hours later that afternoon, they updated the status page with more information that their security team and outside experts were still working to resolve the outage.
Was the Rackspace service affected by a vulnerability?
Rackspace has not released details of the security event.
A security event usually implies a vulnerability, and there are two serious vulnerabilities currently active that were fixed in November 2022.
These are the two most current vulnerabilities:
Microsoft Exchange Server Server-Side Request Forgery (SSRF) vulnerability
A server-side request forgery (SSRF) attack allows a hacker to read and alter data on the server.
Microsoft Exchange Server Remote Code Execution Vulnerability
A remote code execution vulnerability is one in which an attacker can execute malicious code on a server.
An advisory published in October 2022 described the impact of the vulnerabilities:
“An authenticated remote attacker can perform SSRF attacks to escalate privileges and execute arbitrary PowerShell code on vulnerable Microsoft Exchange servers.
Because the attack is directed against the Microsoft Exchange Mailbox server, the attacker can potentially gain access to other resources through lateral movement into the Exchange and Active Directory environments.”
Updates on the Rackspace outage have not indicated what the specific issue was, only that it was a security incident.
The latest status update on December 4 indicated that the service is still down and customers are encouraged to migrate to the Microsoft 365 service.
Rackspace posted the following on December 4, 2022 at 12:37 AM:
“We continue to make progress in addressing the incident. The availability of your service and the security of your data is of great importance.
We have dedicated extensive internal resources and employed world-class external expertise in our efforts to minimize negative impacts to customers.”
The vulnerabilities mentioned above may be related to the security incident affecting the Rackspace Hosted Exchange service.
There has been no announcement as to whether customer information has been compromised. This event is still ongoing.
Featured image from Shutterstock/Orn Rin