Cloud computing services company Rackspace has reported a security incident involving Hosted Exchange services.
Rackspace first acknowledged a security incident in an online post on Friday, December 2, 2022:
“We are investigating an issue that is affecting our Hosted Exchange environments. More details will be posted as they become available.”
Throughout the day on December 2, the company continued to investigate connectivity and login issues affecting its Hosted Exchange environments and said it would “continue to work diligently to come to a resolution.”
Early December 3, 2022, Rackspace provided another update:
“On Friday, Dec 2, 2022, we became aware of an issue impacting our Hosted Exchange environment. We proactively powered down and disconnected the Hosted Exchange environment while we triaged to understand the extent and the severity of the impact. After further analysis, we have determined that this is a security incident.”
The company also sent out a tweet on December 3, 2022 regarding the outage along with a link to the status page.
In the latest update on December 4, 2022, Rackspace also confirmed their teams “continue to work diligently to restore email service to our customers and we are continuing to add resources to reduce wait times and increase response to tickets.”
Rackspace has provided its customers with options to migrate to Office 365, as well as a temporary solution that will allow mail destined for a Hosted Exchange user to be routed to an external email address.
Although not directly linked to this incident as of December 4, it is important to note that Microsoft patched ProxyNotShell as part of its November Patch Tuesday, after the software giant had released a security advisory for the two zero-day Exchange vulnerabilities on September 30, 2022.
“In these attacks, CVE-2022-41040 can enable an authenticated attacker to remotely trigger CVE-2022-41082. It should be noted that authenticated access to the vulnerable Exchange Server is necessary to successfully exploit either vulnerability,” Microsoft wrote in a blog post.