Rackspace suffers from security incident involving Hosted Exchange services

Cloud computing services company Rackspace has reported a security incident involving Hosted Exchange services.

Rackspace first acknowledged a security incident in an online post on Friday December 2, 2022:

“We are investigating an issue that is affecting our Hosted Exchange environments. More details will be posted as they become available.”

Throughout the day on December 2, the company continued to investigate connectivity issues and login issues to their hosted Exchange environments and “continue to work diligently to come to a resolution.”

Early December 3, 2022, Rackspace provided another update:

“On Friday, Dec 2, 2022, we became aware of an issue impacting our Hosted Exchange environment. We proactively powered down and disconnected the Hosted Exchange environment while we triaged to understand the extent and the severity of the impact. After further analysis, we have determined that this is a security incident.”

The company also sent out a tweet on December 3, 2022 regarding the outage along with a link to the status page:

In the latest update on December 4, 2022, Rackspace also confirmed their teams “continue to work diligently to restore email service to our customers and we are continuing to add resources to reduce wait times and increase response to tickets.”

Rackspace has provided their customer migration options to move to Office 365 as well as a temporary solution that will allow mail destined for a Hosted Exchange user to be routed to an external email address.

Although not directly linked to this incident as of December 4, it is important to note that Microsoft patched ProxyNotShell as part of their November’s Patch Tuesday after the software giant previously released a security advisory for the two zero-day Exchange vulnerabilities on September 30, 2022.

“In these attacks, CVE-2022-41040 can enable an authenticated attacker to remotely trigger CVE-2022-41082. It should be noted that authenticated access to the vulnerable Exchange Server is necessary to successfully exploit either vulnerability,” Microsoft wrote in a blog post.

Related Articles