[ad_1]
Microsoft Trade on-premise servers can’t ship electronic mail beginning on January 1st, 2022, resulting from a “Yr 2022” bug within the FIP-FS anti-malware scanning engine.
Beginning with Trade Server 2013, Microsoft enabled the FIP-FS anti-spam and anti-malware scanning engine by default to guard customers from malicious electronic mail.
Microsoft Trade Y2K22 bug
In response to quite a few reviews from Microsoft Trade admins worldwide, a bug within the FIP-FS engine is obstructing electronic mail supply with on-premise servers beginning at midnight on January 1st, 2022.
Safety researcher and Trade admin Joseph Roosen mentioned that that is attributable to Microsoft utilizing a signed int32 variable to retailer the worth of a date, which has a most worth of two,147,483,647.
Nonetheless, dates in 2022 have a minimal worth of two,201,010,001 or bigger, which is bigger than the utmost worth that may be saved within the signed int32 variable, inflicting the scanning engine to fail and never launch mail for supply.
In response to further analysis on this difficulty, that is occurring as a result of Microsoft is utilizing a signed int32 for the date and the brand new date worth of two,201,010,001 is over the max worth of “lengthy” int32 being 2,147,483,647. @MSFTExchange – Undecided why it was structured this manner??
— Joseph Roosen (@JRoosen) January 1, 2022
When this bug is triggered, an 1106 error will seem within the Trade Server’s Occasion Log stating, “The FIP-FS Scan Course of failed initialization. Error: 0x8004005. Error Particulars: Unspecified Error” or “Error Code: 0x80004005. Error Description: Cannot convert “2201010001” to lengthy.”
Expensive @msexchangeteam. The FIP-FS “Microsoft” Scan Engine Didn’t Load. Can’t Convert “2201010001” to lengthy.
— lengthy wtf = 2201010001; (@miketheitguy) January 1, 2022
Microsoft might want to launch an Trade Server replace that makes use of a bigger variable to carry the date to formally repair this bug.
Nonetheless, for on-premise Trade Servers at present affected, admins have discovered that you may disable the FIP-FS scanning engine to permit electronic mail to begin delivering once more.
To disable the FIP-FS scanning engine, you may execute the next PowerShell instructions on the Trade Server:
Set-MalwareFilteringServer -Identification -BypassFiltering $true
Restart-Service MSExchangeTransport
After the MSExchangeTransport service is restarted, mail will begin being delivered once more.
Sadly, with this unofficial repair, delivered mail will not be scanned by Microsoft’s scanning engine, resulting in extra malicious emails and spam getting by means of to customers.
Microsoft has confirmed that they’re engaged on a repair and hope to have extra info accessible later immediately.
We’re conscious of and dealing on a difficulty inflicting messages to be caught in transport queues on Trade Server 2016 and Trade Server 2019. The issue pertains to a date test failure with the change of the brand new yr and it not a failure of the AV engine itself. This isn’t a difficulty with malware scanning or the malware engine, and it’s not a security-related difficulty. The model checking carried out in opposition to the signature file is inflicting the malware engine to crash, leading to messages being caught in transport queues.
We’re actively engaged on resolving this difficulty and count on to launch particulars on how you can resolve this difficulty later immediately. Within the meantime, in case your group performs malware scanning of messages exterior of your on-premises Trade servers (for instance, by routing mail by means of Trade On-line, or by utilizing a third-party message hygiene resolution), you may bypass or disable malware scanning in your Trade servers and clear your transport queues. It is best to use one in all these workarounds solely you probably have an present malware scanner for electronic mail aside from the engine in Trade Server.
BleepingComputer has additionally contacted Microsoft about the issue however has not obtained a response but.
Replace 1/1/22: Added info from Microsoft.
[ad_2]