Y2K22 Exchange Bug Cripples Emails

04/01/2022
By Esben Dochy
Microsoft Exchange Blog

Microsoft was undoubtedly the first to surprise everyone in the new year. An issue in Exchange’s antivirus engine is causing email delivery to fail on Exchange 2019 and Exchange 2016 servers. Luckily, Microsoft has provided a mitigation in the form of a script while a patch is in the works.

Antivirus Engine Bug

With the new year, the usage of a signed 32-bit number is suspected to be the point of failure. Users started seeing a repeated error message:

The FIP-FS ‘Microsoft’ Scan Engine failed to load. PID: 23092, Error Code: 0x80004005. Error Description: Can’t convert ‘2201010001’ to long.

With a max value of 2147483648, a 32-bit number was not enough to store the new value starting with 22 (due to the year change to 2022). This is likely why the components crashed, causing messages to get stuck. Officially, Microsoft lists that:

The problem relates to a date check failure with the change of the new year and it is not a failure of the AV engine itself. This is not an issue with malware scanning or the malware engine, and it is not a security-related issue. The version checking performed against the signature file is causing the malware engine to crash, resulting in messages being stuck in transport queues.
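The conversion failure described above can be reproduced with a strict parse into a signed 32-bit integer next to the same parse into a 64-bit one. This is an added illustration, not Microsoft's code; the function names are hypothetical and the YYMMDDNNNN layout of the version string is an assumption based on the value in the error message.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed layout (not confirmed by the page): YYMMDDNNNN, e.g. "2201010001". */

/* Strict decimal parse shared by both variants.
   Returns 0 on success, -1 on empty input, trailing junk or overflow. */
static int parse_decimal(const char *s, long long *out)
{
    char *end;
    errno = 0;
    *out = strtoll(s, &end, 10);
    return (errno != 0 || end == s || *end != '\0') ? -1 : 0;
}

/* Signed 32-bit target, mirroring the step that fails in the error message. */
int parse_version_i32(const char *s, int32_t *out)
{
    long long v;
    if (parse_decimal(s, &v) != 0 || v < INT32_MIN || v > INT32_MAX)
        return -1;                 /* value does not fit: conversion error */
    *out = (int32_t)v;
    return 0;
}

/* 64-bit target: every ten-digit date-based version fits. */
int parse_version_i64(const char *s, int64_t *out)
{
    long long v;
    if (parse_decimal(s, &v) != 0)
        return -1;
    *out = (int64_t)v;
    return 0;
}

int main(void)
{
    /* First sample is constructed; the second is the value from the error. */
    const char *samples[] = { "2112310001", "2201010001" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int32_t v32;
        int64_t v64;
        printf("%s  int32: %s  int64: %s\n", samples[i],
               parse_version_i32(samples[i], &v32) == 0 ? "ok" : "FAIL",
               parse_version_i64(samples[i], &v64) == 0 ? "ok" : "FAIL");
    }
    return 0;
}
```

A version stamped in 2021 converts cleanly in both variants, while the 2022 value is rejected by the 32-bit parse only.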

Identify Affected Servers

Both Exchange 2019 and 2016 can be affected. Luckily, there are specific errors that indicate the issue: error event IDs 5300 and 1106 are both indicators. With Lansweeper’s event log scanning, these events are easy to find, giving you a quick overview of the affected servers.

Y2K22 Bug Audit

Bug Mitigation Live

To resolve the issue, Microsoft released a script that resets the antivirus scan engine version to a new version that doesn’t run into the Y2K22 issue and that will be able to automatically update in the future. On their official Exchange blog, they also listed a Q&A with a lot of relevant information, in addition to steps to perform the changes manually if you prefer going old-school.
