Status Page
Update - The mail queue rescans to release valid mail that was held erroneously has been completed. We are still monitoring for any new reports and will process those immediately. We understand the importance of timely mail flow and apologize for any inconvenience this may have caused.
Apr 16, 09:34 CDT
Update - The mail queue rescans to release any valid mail that was held erroneously is still in process. We understand the importance of timely mail flow and sincerely apologize for any inconveniences this may have caused. We will continue to monitor performance throughout the evening.
Apr 15, 17:01 CDT
Update - Our team continues to monitor and test the actions put in place to correct this issue. They expect to begin a process of starting a re-scan for messages that may have been held erroneously to release valid mail.
Apr 15, 11:13 CDT
Monitoring - Our team continues to monitor and test the the actions put in place to correct this issue. They expect to begin a process of starting a re-scan for messages that may have been held erroneously to release valid mail.
Apr 15, 11:10 CDT
Investigating - Our Development and Engineering teams have identified a mail classification issue affecting mail flow for a small subset of customers. We are currently investigating this issue and working to rectify this as soon as possible. We apologize for any inconvenience this may cause.
Apr 15, 08:43 CDT
Update - April 2021 Exchange Server Security Updates

April 14, 2021

On April 13, 2021 Microsoft informed the Zix / AppRiver Hosted Exchange Team about four new critical Microsoft Exchange Server vulnerabilities. Microsoft released security updates addressing these vulnerabilities as part of the normal monthly patching cycle on the same day.

Our Hosted Exchange Team immediately began the process of implementing these security updates. The updates were deployed to our production environment starting on April 13 and finishing early April 14. Our Hosted Exchange Team continues to monitor information provided by Microsoft and will respond further as needed.

These vulnerabilities are described here:  CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483. These vulnerabilities communicated by Microsoft are all labeled as “Critical” with CVSSS scores of 9.8, 9.8,8.8 and 9.0 respectively.

These vulnerabilities do not impact customers using Microsoft 365 email services.
Apr 14, 16:25 CDT
Update - As a Microsoft partner, Zix | AppRiver received notification directly from Microsoft late Tuesday, March 2, 2021. Zix took immediate action upon being alerted to the attack, and quickly deployed software patches and scanning tools issued by Microsoft, among other remedial measures. Zix also launched an internal investigation and retained a forensic consultant to assist in its investigation, containment, and remediation efforts. Zix’s investigation has not revealed any evidence that the attackers were successful in obtaining unauthorized access to, or acquiring, the content of any customer email accounts in connection with this incident.
Apr 1, 09:50 CDT
Monitoring - Microsoft Security Advisory:

On March 2, the Microsoft Threat Intelligence Center warned in a blog post of a campaign to exploit previously unknown vulnerabilities affecting Exchange Server software.

The tech giant is tracking those vulnerabilities as follows:

CVE-2021-26855: a server-side request forgery (SSRF) bug in Exchange that allows a malicious actor to send arbitrary HTTP requests and authenticate as the Exchange server.
CVE-2021-26857: an insecure deserialization vulnerability in the Unified Messaging service that enables an attacker to run code as SYSTEM on the Exchange server once they’ve obtained admin permissions or exploited another security bug.
CVE-2021-26858: an arbitrary file write vulnerability in Exchange that could allow someone to write a file to any path on the server after they’ve authenticated themselves by exploiting CVE-2021-26855 or stealing a legitimate set of credentials.
CVE-2021-27065: a vulnerability that operates similarly to CVE-2021-26858.

Microsoft identified HAFNIUM as the primary threat actor abusing the vulnerabilities described above at the time of its security advisory.

For more information: https://zix.com/resources/blog/march-2021/least-30k-us-orgs-affected-threat-actors-targeting-exchange-bugs
Mar 8, 16:48 CST
Update - We are continuing to see and investigate degraded performance issues associated with our Secure Surf service. Our development and engineering teams have corrected some of the degraded performance, but are still working through issues that some customers are continuing to experience. Our team will continue to monitor internally and with vendors to resolve this issue fully. We apologize for any inconvenience this may cause.
Feb 8, 09:58 CST
Update - We are continuing to see and investigate degraded performance issues associated with our Secure Surf service. While on going work done by our development and engineering teams have corrected some of the degraded performance issues we are seeing we are not at an acceptable resolution yet. Our team is continuing to work internally and with vendors to resolve this issue fully. We apologize for any inconvenience this may cause.
Jan 26, 10:55 CST
Identified - This service is still experiencing performance issues. Our engineering teams are continuing to triage the inconsistencies associated with honoring the allowed site settings along with some issues associated with normal browsing. We apologize for any inconvenience this may cause.
Jan 15, 16:13 CST
Update - Our engineering and development teams are continuing to investigate this issue. Some customers using the Secure Surf service are experiencing an inability to get to some sites and manage settings. We will provide more information as it becomes available. We apologize for any inconvenience this may cause and the extended delay in getting this issue resolved.
Jan 12, 09:19 CST
Update - Our teams is continuing to investigate the issues with some customers using the Secure Surf service experiencing an inability to get to some sites and manage settings. We will provide more information as it becomes available. We apologize for any inconvenience this may cause.
Jan 11, 07:22 CST
Investigating - Our engineer and development teams are investigating issues with some customers using the Secure Surf service experiencing an inability to get to sites and manage settings. We will provide more information as it becomes available. We apologize for any inconvenience this may cause.
Jan 8, 20:20 CST
Secure Cloud Platform Operational
Customer Portal Operational
Partner Portal Operational
Billing Area Operational
Secure Hosted Exchange Degraded Performance
Exchange 2013/2016+ (EXG7) Degraded Performance
Office 365 Degraded Performance
Email Security ? Degraded Performance
Email Encryption Operational
Email Continuity Operational
Archive Operational
Web Protection ? Degraded Performance
DNS Hosting Plus Operational
Support Infrastructure Operational
AppRiver Phone System Operational
AppRiver Live Chat Operational
Operational
Degraded Performance
Partial Outage
Major Outage
Maintenance
Past Incidents
Apr 16, 2021

Unresolved incident: Mail Classification issue.

Apr 15, 2021

Unresolved incident: Microsoft Exchange vulnerabilities.

Apr 14, 2021
Apr 13, 2021

No incidents reported.

Apr 12, 2021
Resolved - This issue has been resolved. We have confirmed all inbound calls are routing correctly now. We apologize for any inconvenience this may have caused.
Apr 12, 13:08 CDT
Investigating - We are currently investigating an issue with call quality with our phone provider. If you need immediate assistance please email to support@appriver.com.
Apr 12, 10:47 CDT
Apr 11, 2021

No incidents reported.

Apr 10, 2021

No incidents reported.

Apr 9, 2021

No incidents reported.

Apr 8, 2021

No incidents reported.

Apr 7, 2021

No incidents reported.

Apr 6, 2021

No incidents reported.

Apr 5, 2021

No incidents reported.

Apr 4, 2021

No incidents reported.

Apr 3, 2021

No incidents reported.

Apr 2, 2021

No incidents reported.