Status Page
Monitoring - A fix has been implemented and we are monitoring the results.
Jul 19, 14:43 CDT
Investigating - We are currently investigating Office 365 licensing within the customer portal resulting in page time outs. We do apologize for the inconvenience and appreciate your patience. We will update status as we receive more information.
Jul 19, 10:03 CDT
Monitoring -

Zix is aware of a compromise that impacts Kaseya Limited, a software vendor that supports the Managed Service Provider (MSP) market through its VSA tools. More details can be found here:


Important Notice July 3rd, 2021 – Kaseya


Kaseya supply chain attack delivers mass ransomware event to US companies | by Kevin Beaumont | Jul, 2021 | DoublePulsar


Zix does not run any Kaseya software or systems.  We are reviewing and implementing proactive measures to harden our security based on the industry learnings from this breach.


Thank you for your continued support.


Jul 3, 12:39 CDT
Identified - We are actively working with Microsoft on this issue and they have verified and confirmed the issue. Microsoft has a planned deployment to address this issue, but the date is tentatively set to the first week in July 2021.

In the interim, Microsoft has created an alert system to address these issues proactively as well to help mitigate issues until the deployment is complete.
Jun 21, 17:05 CDT
Investigating - We are currently investigating Office 365 automatic mode licensing within the customer portal. This is only affecting our European region at this time. We do apologize for the inconvenience and appreciate your patience. We will update status as we receive more information.
Jun 4, 10:11 CDT
Monitoring - A fix has been implemented and we are monitoring the results.
Jun 4, 10:07 CDT
Investigating - We are currently investigating issues with our Customer Portal that is affecting a subset of customers. The symptoms would be general slowness of loading the Customer Portal for users as they navigate through the portal. Currently we have narrowed this down to user’s location in the European region
Jun 3, 08:01 CDT
Update - April 2021 Exchange Server Security Updates

April 14, 2021

On April 13, 2021 Microsoft informed the Zix / AppRiver Hosted Exchange Team about four new critical Microsoft Exchange Server vulnerabilities. Microsoft released security updates addressing these vulnerabilities as part of the normal monthly patching cycle on the same day.

Our Hosted Exchange Team immediately began the process of implementing these security updates. The updates were deployed to our production environment starting on April 13 and finishing early April 14. Our Hosted Exchange Team continues to monitor information provided by Microsoft and will respond further as needed.

These vulnerabilities are described here:  CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483. These vulnerabilities communicated by Microsoft are all labeled as “Critical” with CVSSS scores of 9.8, 9.8,8.8 and 9.0 respectively.

These vulnerabilities do not impact customers using Microsoft 365 email services.
Apr 14, 16:25 CDT
Update - As a Microsoft partner, Zix | AppRiver received notification directly from Microsoft late Tuesday, March 2, 2021. Zix took immediate action upon being alerted to the attack, and quickly deployed software patches and scanning tools issued by Microsoft, among other remedial measures. Zix also launched an internal investigation and retained a forensic consultant to assist in its investigation, containment, and remediation efforts. Zix’s investigation has not revealed any evidence that the attackers were successful in obtaining unauthorized access to, or acquiring, the content of any customer email accounts in connection with this incident.
Apr 1, 09:50 CDT
Monitoring - Microsoft Security Advisory:

On March 2, the Microsoft Threat Intelligence Center warned in a blog post of a campaign to exploit previously unknown vulnerabilities affecting Exchange Server software.

The tech giant is tracking those vulnerabilities as follows:

CVE-2021-26855: a server-side request forgery (SSRF) bug in Exchange that allows a malicious actor to send arbitrary HTTP requests and authenticate as the Exchange server.
CVE-2021-26857: an insecure deserialization vulnerability in the Unified Messaging service that enables an attacker to run code as SYSTEM on the Exchange server once they’ve obtained admin permissions or exploited another security bug.
CVE-2021-26858: an arbitrary file write vulnerability in Exchange that could allow someone to write a file to any path on the server after they’ve authenticated themselves by exploiting CVE-2021-26855 or stealing a legitimate set of credentials.
CVE-2021-27065: a vulnerability that operates similarly to CVE-2021-26858.

Microsoft identified HAFNIUM as the primary threat actor abusing the vulnerabilities described above at the time of its security advisory.

For more information: https://zix.com/resources/blog/march-2021/least-30k-us-orgs-affected-threat-actors-targeting-exchange-bugs
Mar 8, 16:48 CST
Secure Cloud Platform Operational
Customer Portal Operational
Partner Portal Operational
Billing Area Operational
Secure Hosted Exchange Operational
Exchange 2013/2016+ (EXG7) Operational
Office 365 Operational
Email Security ? Operational
Email Encryption Operational
Email Continuity Operational
Archive Operational
Web Protection ? Degraded Performance
DNS Hosting Plus Operational
Support Infrastructure Operational
AppRiver Phone System Operational
AppRiver Live Chat Operational
Operational
Degraded Performance
Partial Outage
Major Outage
Maintenance
Past Incidents
Jul 31, 2021

No incidents reported today.

Jul 30, 2021
Resolved - Dear Zix|Appriver Customer,



Our team has resolved the login issues but we are continuing to monitor the situation closely.

We do apologize for any inconveniences this had caused.

Thank you

Zix|Appriver Customer Support
Jul 30, 12:25 CDT
Investigating - We are currently investigating issues with logging into the customer portal. We do apologize for the inconvenience and will post an update as soon as it is available. We do appreciate your patience.
Jul 30, 11:32 CDT
Jul 29, 2021
Resolved - This incident has been resolved.
Jul 29, 06:58 CDT
Monitoring - A fix has been implemented and we are monitoring the results.
Jul 28, 16:28 CDT
Investigating - We are currently investigating an issue with Office 365 licensing in the customer portal. Our team is aware of the issue and are working diligently to resolve. We do apologize for the inconvenience and will update status as we have more information. We do appreciate your patience.
Jul 28, 15:59 CDT
Resolved - Incident information
Title: Unable to access Microsoft 365 services
ID: MO273940

Status
Service Restored

Details
Title: Unable to access Microsoft 365 services
User Impact: Users may have been unable to access one or more Microsoft 365 services or experienced degraded functionality.

More info:
Services impacted may have included, but were not limited to:
- Microsoft Teams
- Skype for Business
- Exchange Online (Outlook Desktop and Outlook on the web)
- Microsoft 365 admin center
- SharePoint Online
- OneDrive for Business

Final status: We've confirmed that redirecting user traffic to alternative channels has been successful in resolving the issue.

Scope of impact: Impact was specific to users served through the affected third-party Internet Service Provider (ISP) infrastructure in Germany.

Start time: Thursday, July 29, 2021, at 6:15 AM UTC
End time: Thursday, July 29, 2021, at 7:00 AM UTC

Root cause: A third-party Internet Service Provider (ISP) link was processing user traffic to Microsoft services as expected.

Next steps:
- We're following up with our third party ISP provider to determine the root cause for the issue and to prevent this problem from happening again.

This is the final update for the event.

Thank you,
The Microsoft team
Jul 29, 04:55 CDT
Update - Advisory information
Title: Unable to access Microsoft 365 services

ID: MO273940

Status
Service Degradation

Details
Title: Unable to access Microsoft 365 services

User Impact: Users may be unable to access one or more Microsoft 365 services or experience degraded functionality.

Current status: We're reviewing service telemetry to isolate the root cause of impact and determine our next troubleshooting steps.

Scope of impact: Early indications suggest this issue may be specific to users served through the affected infrastructure in Germany.

Thank you,
The Microsoft team
Jul 29, 02:36 CDT
Identified - Advisory information

Title: Unable to access Microsoft 365 services
ID: MO273940

Status
Investigating

Details
Title: Unable to access Microsoft 365 services

User Impact: Users may be unable to access one or more Microsoft 365 services or experience degraded functionality.
Current status: We're investigating reports of a potential issue and checking for impact to your organization. We'll provide an update within 30 minutes.

Scope of impact: Early indications suggest this issue may be specific to users based in Germany.

Thank you,
The Microsoft team
Jul 29, 02:08 CDT
Resolved - This incident has been resolved.
Jul 29, 02:07 CDT
Identified - Exchange Online service alert

Incident information

Title: Some Microsoft 365 or hybrid Exchange Online users may be unable to sign in to service from any connection method

ID: EX268014

Status
Service Degradation

Details
Title: Some Microsoft 365 or hybrid Exchange Online users may be unable to sign in to service from any connection method

User Impact: Users may be unable to sign in to Exchange Online from any connection method.

More info: This issue is specific to Microsoft 365 and Hybrid Exchange users hosted on infrastructure in North and West Europe, as well as East United States.

Current status: We've received reports that a subset of Microsoft 365 and hybrid Exchange Online users hosted on infrastructure in North and West Europe, as well as East United States are unable to sign in to the service through any connection method. Our investigation indicates that the affected users' mailboxes are unable to be detected correctly by the AutoDetect service. We're reviewing provided logs and recent updates to determine our mitigation plan.

Scope of impact: This issue is impacting a subset of Microsoft 365 and hybrid Exchange Online users hosted on infrastructure in North and West Europe, as well as East United States, whose mailboxes are unable to be detected correctly by the AutoDetect service.

Next update by: Wednesday, July 14, 2021, at 5:00 AM UTC


Thank you,
The Microsoft team
Jul 8, 22:50 CDT
Jul 28, 2021
Jul 27, 2021

No incidents reported.

Jul 26, 2021

No incidents reported.

Jul 25, 2021

No incidents reported.

Jul 24, 2021

No incidents reported.

Jul 23, 2021

No incidents reported.

Jul 22, 2021

No incidents reported.

Jul 21, 2021

No incidents reported.

Jul 20, 2021
Resolved - Exchange Online service alert

Advisory information
Title: Some admins can't access the Exchange admin center (EAC)
ID: EX271749
Status
Service Restored
Details
Title: Some admins can't access the Exchange admin center (EAC)
User Impact: Admins were unable to access the EAC.
More info: Admins encountering this problem would receive an error with the description "AADSTS50011: The reply URL specified in the request does not match the reply URLS configured for the application."
Final status: From our review of the available data and by reproducing the issue in our internal environment, we determined that impact was occurring due to a recent standard service update which introduced a code regression. We rolled back this change and confirmed that impact is no longer occurring.
Scope of impact: Some admins attempting to access the EAC may have experienced impact.
Start time: Tuesday, July 20, 2021, at 12:25 AM UTC
End time: Tuesday, July 20, 2021, at 6:35 PM UTC
Root cause: A recent standard service update contained a code regression which resulted in impact.
Next steps:
- We're reviewing our standard service update testing and validation procedures to avoid similar impact in the future.
This is the final update for the event.

Thank you,
The Microsoft team
Jul 20, 15:11 CDT
Investigating - Advisory information
Title: Some admins can't access the Exchange admin center (EAC)
ID: EX271749
Status
Service Degradation
Details
Title: Some admins can't access the Exchange admin center (EAC)
User Impact: Admins are unable to access the EAC.
More info: Admins encountering this problem will receive an error with the description "AADSTS50011: The reply URL specified in the request does not match the reply URLS configured for the application."
Current status: We're reviewing available data to gain insight into the root cause of this issue. In parallel, we're requesting that impacted admins provide a Fiddler network trace log that details the reproduction of the issue to assist with our investigation.
Scope of impact: Your organization is affected by this event, and this issue affects some admins attempting to access the EAC may experience impact.
Next update by: Tuesday, July 20, 2021, at 7:30 PM UTC

Thank you,
The Microsoft team
Jul 20, 14:01 CDT
Jul 19, 2021
Jul 18, 2021

No incidents reported.

Jul 17, 2021

No incidents reported.