Managing Exchange is hard, even for Rackspace
An ongoing security incident is preventing Exchange users hosted at Rackspace from accessing basic e-mail and collaboration functionality.
Although such outages do happen occasionally, this one is apparently due to a catastrophic security incident. As outlined earlier, self-managed Exchange servers are still affected by the ProxyNotShell vulnerability, prompting some to speculate that Rackspace is facing a system-wide breach of its hosted Exchange infrastructure, enabled precisely by this vulnerability.
To mitigate ProxyNotShell, one needs to implement careful configuration steps on each public-facing Exchange server, and it's possible some servers at Rackspace were left exposed.
Whatever the case, this shows once again how difficult it is becoming to operate self-hosted or on-premises application infrastructure in today's threat environment, especially when the services are internet-facing.
It appears even the largest MSPs (such as Rackspace) are struggling to operate infrastructure securely and at scale.
The current outage is still ongoing (Dec 5th) and affects SMBs using Rackspace Hosted Exchange. The problems started on Friday (Dec 2nd), with users experiencing errors when accessing Outlook webmail and syncing their email clients.
The outage has lasted so long that Rackspace decided to offer another option to disgruntled customers: a free Microsoft Exchange Plan 1 license on Microsoft 365, essentially an emergency workaround to at least keep reading e-mail.
As the threat landscape evolves, it becomes imperative for organizations to effectively outsource software and infrastructure to service providers, ideally relying more on SaaS rather than self-managed infrastructure. Yes, the risks are always there, but they are certainly larger if you're stuck with overstretched IT personnel handling an increasingly complex infrastructure.