Rackspace Technologies is still unable to figure out the reason behind its Hosted Exchange environment outage.
The cloud computing services provider announced it is still working to restore email service to customers as soon as possible, and it is adding more temporary solutions for those affected in the meantime.
Rackspace’s issue began sometime on December 2 when it was made aware of an issue affecting its Hosted Exchange environments.
Rackspace Temporary Solutions And Workarounds
Rackspace announced on its status page that a security incident caused its Hosted Exchange environment to stop functioning and that it is still working on restoring its services to customers as soon as possible.
According to the company’s latest status report, it is giving affected customers free access to Microsoft Exchange Plan licenses on Microsoft 365 until further notice, along with instructions on how to set up their accounts and those of their employees.
It also provided a temporary solution that allows mail for a Hosted Exchange user to be routed to an external email address, though the process of doing so is a lengthy one.
According to Rackspace, customers who wish to take this second option have to log into their customer account and locate a ticket through which they notify the company that they are taking it.
They are then required to reply to the ticket to request the forwarding rule be put into place for their users. However, should the ticket not appear in the customer’s account, customers are advised to open another ticket with the title: REQUESTING FORWARDING FOR HOSTED EXCHANGE.
Doing so will give the company the chance to work with customers to get the solution set up. However, customers should keep in mind that this option will only send emails to the external email address after the workaround is set up – past emails won’t be available to access on the external address.
Another thing to consider is that Rackspace intends this workaround to be a temporary solution until customers have successfully migrated to Microsoft 365.
Once a customer successfully migrates to Microsoft 365, Rackspace’s new temporary solution will no longer be needed.
What Happened with Rackspace Technologies?
Rackspace first encountered the problem on Dec. 2 and initially described it as a “service malfunction.” It did not know the cause of the incident at the time. As such, it did not give any information about the issue.
The issue persisted for the whole weekend, preventing Rackspace customers worldwide who rely on its Hosted Exchange environment from logging into their accounts and severely affecting their businesses.
However, cybersecurity experts are chiming in on why Rackspace suffered such an incident. According to Bleeping Computer’s talks with cybersecurity expert Kevin Beaumont, someone exploited the ProxyNotShell vulnerability to get into Rackspace’s network.
ProxyNotShell is a zero-day vulnerability discovered to be actively exploited in September to install web shells on Microsoft Exchange servers, though Microsoft patched up this vulnerability in November as part of their Patch Tuesday updates. Unfortunately, Beaumont saw through Shodan that one of Rackspace’s servers, “mex06.emailsrvr.com,” was running Microsoft Exchange build 15.0.1497.40, a build that existed before the patches to fix ProxyNotShell became available.
This outdated software could be how those behind the security incident got into Rackspace’s server.
Search Engine Journal also agreed that whoever compromised Rackspace’s network got into it through a vulnerability, though it suggested two other possible vulnerabilities: CVE-2022-41040, Microsoft’s Exchange Server Server-Side Request Forgery, and CVE-2022-41082, Microsoft Exchange Server Remote Code Execution Vulnerability.
Rackspace has yet to confirm or deny Beaumont’s analysis on the matter or reveal the cause of the security incident, so we can’t say for sure what is affecting the company’s status.