Security News
Rackspace has finally confirmed the cause of the ongoing outage of its Hosted Exchange service: it's ransomware. "As you know, on Friday, December 2nd, 2022, we became aware of suspicious activity and immediately took proactive measures to isolate the Hosted Exchange environment to contain the incident. We have since determined this suspicious activity was the result of a ransomware incident," the company stated in the newest released service announcement.
Cloud computing company Rackspace has suffered a security breach that has resulted in a still ongoing outage of their Hosted Exchange environment.The connectivity issues for Rackspace Hosted Exchange customers - mostly small to medium size businesses - started on Friday, with users experiencing errors when accessing the Outlook Web App and syncing their email clients.
Some of Rackspace's hosted Microsoft Exchange services have been taken down by what the company has described as a "Security incident". "On Friday, Dec 2, 2022, we became aware of an issue impacting our Hosted Exchange environment. We proactively powered down and disconnected the Hosted Exchange environment while we triaged to understand the extent and the severity of the impact. After further analysis, we have determined that this is a security incident."
American cloud computing services provider Rackspace says an ongoing outage affecting its hosted Microsoft Exchange environments and likely thousands of customers was caused by a security incident. "We are investigating an issue that is affecting our Hosted Exchange environments. More details will be posted as they become available," Rackspace said on Friday night, at 02:49 AM EST, when it acknowledged the outage.
American cloud computing services provider Rackspace is investigating a 12-hour-long and still active outage leading to connectivity issues and affecting hosted Microsoft Exchange environments they manage for their customers. "We are investigating an issue that is affecting our Hosted Exchange environments. More details will be posted as they become available," Rackspace said on Friday night, at 02:49 AM EST, when it acknowledged the outage.
Were] two zero-days that [could] be chained together, with the first bug used remotely to open enough of a hole to trigger the second bug, which potentially allows remote code execution on the Exchange server itself. It does mean that an automated Python script can't just scan the whole internet and potentially exploit every Exchange server in the world in a matter of minutes or hours, as we saw happen with ProxyLogon and ProxyShell in 2021.
Proof-of-concept exploit code has been released online for two actively exploited and high-severity vulnerabilities in Microsoft Exchange, collectively known as ProxyNotShell. Microsoft released security updates to address the two security flaws as part of the November 2022 Patch Tuesday, even though ProxyNotShell attacks have been detected since at least September 2022.
Unlike ProxyShell, the new bugs weren't directly exploitable by anyone with an internet connection and a misguided sense of cybersecurity adventure. We therefore assumed, probably in common with most Naked Security readers, that the patches would arrive calmly and unhurriedly as part of the October 2022 Patch Tuesday, still more than two weeks away.
Microsoft has released security updates to address two high-severity Microsoft Exchange zero-day vulnerabilities collectively known as ProxyNotShell and exploited in the wild. Microsoft confirmed they were actively abused in attacks on September 30, saying it was "Aware of limited targeted attacks using the two vulnerabilities to get into users' systems."
We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.