
Microsoft Exchange on-premise servers cannot deliver email starting on January 1st, 2022, due to a “Year 2022” bug in the FIP-FS anti-malware scanning engine.
Starting with Exchange Server 2013, Microsoft enabled the FIP-FS anti-spam and anti-malware scanning engine by default to protect users from malicious email.
Microsoft Exchange Y2K22 bug
According to numerous reports from Microsoft Exchange admins worldwide, a bug in the FIP-FS engine is blocking email delivery with on-premise servers starting at midnight on January 1st, 2022.
Security researcher and Exchange admin Joseph Roosen said that this is caused by Microsoft using a signed int32 variable to store the value of a date, which has a maximum value of 2,147,483,647.
However, dates in 2022 have a minimum value of 2,201,010,001 or larger, which is greater than the maximum value that can be stored in the signed int32 variable, causing the scanning engine to fail and not release mail for delivery.
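The range failure described above, as an added example that is not Microsoft's code or part of the original article. It assumes the value is a decimal YYMMDDHHMM string like the "2201010001" in the reported error; the function names and the 2021 sample value are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: the version is a decimal YYMMDDHHMM string, as in the
   reported error text ("2201010001"). All names are hypothetical. */

/* Parse a decimal string into 64 bits. 0 = ok, -1 = malformed/overflow. */
int parse_version_i64(const char *s, int64_t *out)
{
    char *end;
    errno = 0;
    long long v = strtoll(s, &end, 10);
    if (end == s || *end != '\0' || errno == ERANGE || v < 0)
        return -1;
    *out = (int64_t)v;
    return 0;
}

/* Same input, signed 32-bit storage. -2 = valid number that does not fit. */
int parse_version_i32(const char *s, int32_t *out)
{
    int64_t v;
    if (parse_version_i64(s, &v) != 0) return -1;
    if (v > INT32_MAX) return -2;   /* 2,201,010,001 > 2,147,483,647 */
    *out = (int32_t)v;
    return 0;
}

/* 1 if candidate is newer than current, 0 if not, -1 on parse error. */
int version_is_newer(const char *candidate, const char *current)
{
    int64_t a, b;
    if (parse_version_i64(candidate, &a) || parse_version_i64(current, &b))
        return -1;
    return a > b;
}

int main(void)
{
    /* Constructed samples: last minute of 2021, and the value in the error. */
    const char *samples[] = { "2112312359", "2201010001" };
    for (int i = 0; i < 2; i++) {
        int32_t v32;
        printf("%s -> rc=%d\n", samples[i], parse_version_i32(samples[i], &v32));
    }
    printf("newer: %d\n", version_is_newer("2201010001", "2112312359"));
    return 0;
}
```

The 32-bit parser accepts every 2021 value and rejects the first 2022 value, while the 64-bit comparison orders the two correctly.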
According to additional research on this issue, this is happening because Microsoft is using a signed int32 for the date and the new date value of 2,201,010,001 is over the max value of “long” int32 being 2,147,483,647. @MSFTExchange – Not sure why it was structured this way??
— Joseph Roosen (@JRoosen) January 1, 2022
When this bug is triggered, an 1106 error will appear in the Exchange Server’s Event Log stating, “The FIP-FS Scan Process failed initialization. Error: 0x8004005. Error Details: Unspecified Error” or “Error Code: 0x80004005. Error Description: Can't convert "2201010001" to long.”
Dear @msexchangeteam. The FIP-FS “Microsoft” Scan Engine Failed to Load. Can’t Convert “2201010001” to long.
— long wtf = 2201010001; (@miketheitguy) January 1, 2022
Microsoft will need to release an Exchange Server update that uses a larger variable to hold the date to officially fix this bug.
However, for on-premise Exchange Servers currently affected, admins have found that you can disable the FIP-FS scanning engine to allow email to start delivering again.
To disable the FIP-FS scanning engine, you can execute the following PowerShell commands on the Exchange Server:
Set-MalwareFilteringServer -Identity <ExchangeServerName> -BypassFiltering $true
Restart-Service MSExchangeTransport
After the MSExchangeTransport service is restarted, mail will start being delivered again.
Unfortunately, with this unofficial fix, delivered mail will no longer be scanned by Microsoft’s scanning engine, leading to more malicious emails and spam getting through to users.
Microsoft has confirmed that they are working on a fix and hope to have more information available later today.
We are aware of and working on an issue causing messages to be stuck in transport queues on Exchange Server 2016 and Exchange Server 2019. The problem relates to a date check failure with the change of the new year and it is not a failure of the AV engine itself. This is not an issue with malware scanning or the malware engine, and it is not a security-related issue. The version checking performed against the signature file is causing the malware engine to crash, resulting in messages being stuck in transport queues.
We are actively working on resolving this issue and expect to release details on how to resolve this issue later today. In the meantime, if your organization performs malware scanning of messages outside of your on-premises Exchange servers (for example, by routing mail through Exchange Online, or by using a third-party message hygiene solution), you can bypass or disable malware scanning on your Exchange servers and clear your transport queues. You should use one of these workarounds only if you have an existing malware scanner for email other than the engine in Exchange Server.
BleepingComputer has also contacted Microsoft about the problem but has not received a response yet.
Update 1/1/22: Added information from Microsoft.
