Microsoft Exchange year 2022 bug in FIP-FS interrupts email delivery

0


Microsoft Exchange on-premises servers cannot send email from January 1, 2022, due to a “Year 2022” bug in the FIP-FS anti-malware scan engine.

Beginning with Exchange Server 2013, Microsoft enabled the FIP-FS anti-spam and anti-malware scanning engine by default to protect users from malicious emails.

Microsoft Exchange Bug Y2K22

According to numerous reports from Microsoft Exchange administrators around the world, a bug in the FIP-FS engine is blocking email delivery with on-premises servers from January 1, 2022 at midnight.

Security researcher and Exchange administrator Joseph Roosen said this is because Microsoft uses a signed int32 variable to store the value of a date, which has a maximum value of 2,147,483,647.

However, dates in 2022 have a minimum value of 2,201,010,001 or more, which is greater than the maximum value that can be stored in the signed int32 variable, causing the scan engine to fail and not freeing mail. for the delivery.

When this bug is triggered, an error 1106 will appear in the Exchange Server event log stating: “The FIP-FS scan process failed to initialize.” Error: 0x8004005. Error Details: Unspecified Error “or” Error Code: 0x80004005. Error Description: May not convert “220100001” to long. “

Microsoft will need to release an Exchange Server update that uses a larger variable to hold the date in order to officially fix this bug.

However, for the currently affected on-premises Exchange servers, administrators discovered that you can turn off the FIP-FS scanning engine to allow emails to resume delivery.

To disable the FIP-FS scan engine, you can run the following PowerShell commands on the Exchange server:

Set-MalwareFilteringServer -Identity  -BypassFiltering $true
Restart-Service MSExchangeTransport

After the MSExchangeTransport service is restarted, mail will begin to be delivered again.

Unfortunately, with this unofficial fix, delivered mail will no longer be scanned by Microsoft’s scanning engine, resulting in malicious and spam emails being delivered to users.

Microsoft is said to be aware of the problem and is working on a fix, but there is no ETA on when it ships.

BleepingComputer has also contacted Microsoft with questions related to the bug but has yet to receive a response.



Share.

About Author

Comments are closed.