Microsoft Exchange server bug

Microsoft Exchange on-premise servers cannot deliver email starting on January 1st, 2022, due to a "Year 2022" bug in the FIP-FS anti-malware scanning engine.

Starting with Exchange Server 2013, Microsoft enabled the FIP-FS anti-spam and anti-malware scanning engine by default to protect users from malicious email.

Microsoft Exchange Y2K22 bug

According to numerous reports from Microsoft Exchange admins worldwide, a bug in the FIP-FS engine is blocking email delivery with on-premise servers starting at midnight on January 1st, 2022.

Security researcher and Exchange admin Joseph Roosen said that this is caused by Microsoft using a signed int32 variable to store the value of a date, which has a maximum value of 2,147,483,647.

However, dates in 2022 have a minimum value of 2,201,010,001, which is greater than the maximum value that can be stored in the signed int32 variable, causing the scanning engine to fail and not release mail for delivery.

When this bug is triggered, an 1106 error will appear in the Exchange Server's Event Log stating, "The FIP-FS Scan Process failed initialization. Error: 0x8004005. Error Details: Unspecified Error" or "Error Code: 0x80004005. Error Description: Can't convert "2201010001" to long."
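The range failure behind the "Can't convert "2201010001" to long" message can be reproduced in a few lines of C. This is an added example, not Microsoft's code: the function names are hypothetical, and the late-2021 value 2112312359 is constructed for illustration, while 2201010001 and the int32 limit come from the text above.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse a decimal version stamp at full width. 0 on success, -1 on bad input. */
static int parse_wide(const char *s, int64_t *out) {
    char *end;
    errno = 0;
    long long v = strtoll(s, &end, 10);
    if (errno != 0 || end == s || *end != '\0' || v < 0) return -1;
    *out = v;
    return 0;
}

/* Checked conversion into a signed 32-bit value, the width named in the
   article. Fails for anything above 2,147,483,647. */
int parse_version_i32(const char *s, int32_t *out) {
    int64_t v;
    if (parse_wide(s, &v) != 0 || v > INT32_MAX) return -1;
    *out = (int32_t)v;
    return 0;
}

/* The "larger variable" approach: keep the stamp in 64 bits. */
int parse_version_i64(const char *s, int64_t *out) { return parse_wide(s, out); }

/* What an unchecked narrowing would store instead of failing:
   the value modulo 2^32, read back as signed. */
int32_t wrap_to_i32(int64_t v) {
    uint32_t low = (uint32_t)v;  /* unsigned conversion is defined as modulo 2^32 */
    return low > INT32_MAX ? (int32_t)((int64_t)low - 4294967296LL) : (int32_t)low;
}

/* 1 if candidate is newer than current, 0 if not, -1 on parse error. */
int is_newer(const char *candidate, const char *current) {
    int64_t a, b;
    if (parse_version_i64(candidate, &a) != 0 || parse_version_i64(current, &b) != 0) return -1;
    return a > b;
}

int main(void) {
    const char *y2021 = "2112312359";  /* constructed sample, fits in int32 */
    const char *y2022 = "2201010001";  /* value from the event log message */
    int32_t v32;
    printf("%s -> int32: %s\n", y2021, parse_version_i32(y2021, &v32) ? "FAIL" : "ok");
    printf("%s -> int32: %s\n", y2022, parse_version_i32(y2022, &v32) ? "FAIL" : "ok");
    printf("unchecked wrap: %d\n", wrap_to_i32(2201010001LL));
    printf("newer at 64 bits: %d\n", is_newer(y2022, y2021));
    return 0;
}
```

On Windows, `long` is 32 bits wide even in 64-bit builds, which is consistent with the error text reporting a failed conversion "to long".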

Microsoft will need to release an Exchange Server update that uses a larger variable to hold the date to officially fix this bug.

However, for on-premise Exchange Servers currently affected, admins have found that you can disable the FIP-FS scanning engine to allow email to start delivering again.

To disable the FIP-FS scanning engine, you can execute the following PowerShell commands on the Exchange Server:

          Set-MalwareFilteringServer -Identity <ServerName> -BypassFiltering $true
          Restart-Service MSExchangeTransport

After the MSExchangeTransport service is restarted, mail will start being delivered again.

Unfortunately, with this unofficial fix, delivered mail will no longer be scanned by Microsoft's scanning engine, leading to more malicious emails and spam getting through to users.

Microsoft has confirmed that they are working on a fix and hope to have more information available later today.

We are aware of and working on an issue causing messages to be stuck in transport queues on Exchange Server 2016 and Exchange Server 2019. The problem relates to a date check failure with the change of the new year and it is not a failure of the AV engine itself. This is not an issue with malware scanning or the malware engine, and it is not a security-related issue. The version checking performed against the signature file is causing the malware engine to crash, resulting in messages being stuck in transport queues.

We are actively working on resolving this issue and expect to release details on how to resolve this issue later today. In the meantime, if your organization performs malware scanning of messages outside of your on-premises Exchange servers (for example, by routing mail through Exchange Online, or by using a third-party message hygiene solution), you can bypass or disable malware scanning on your Exchange servers and clear your transport queues. You should use one of these workarounds only if you have an existing malware scanner for email other than the engine in Exchange Server.

BleepingComputer has also contacted Microsoft about the problem but has not received a response yet.

Update 1/1/22: Added information from Microsoft.