Microsoft has confirmed that it is working on a fix for the FIP-FS engine (antivirus engine) on Microsoft Exchange 2016 and 2019 Servers that could result in emails being stuck in transit. These problems first started right as the year switched over to 2022, and have been widely discussed on social media, where the issue has been dubbed the “Microsoft Exchange Y2K22 bug.”
January 2 Update: A fix for this issue is now out.
According to Microsoft, the issue at heart relates to a date check failure at the change of the year from 2021 to 2022. On the more technical side, in on-premise servers with Microsoft Exchange 2016 and 2019, Microsoft is apparently using a signed int32 variable to store the value of a date. This has a maximum value of 2,147,483,647, and security researcher Joseph Roosen mentions (via Bleeping Computer) that dates in the year 2022 have a minimum value of 2,201,010,001 or larger.
This is greater than the maximum value that a signed int32 variable can hold, and this can cause the malware scanning engine of Exchange to crash and not send out emails. Microsoft, though, is careful to point out that this is not a failure of Exchange’s antivirus engine and it is not a security-related issue. As of publishing on January 1, the company confirmed that details on how to resolve the issue should be coming later. The Exchange Team posted the following message:
Our engineers were working around the clock on a fix that would eliminate the need for customer action, but we determined that any change that did not involve customer action would require several days to develop and deploy. We are working on another update which is in final test validation. The update requires customer action, but it will provide the quickest time to resolution.
As a workaround, it’s being suggested to disable or bypass malware scanning on Exchange servers, but only if customers have an existing malware scanner other than Exchange’s own solution. Two documents are available on the issue: one about antimalware protection in Exchange Server, and another about procedures for antimalware protection in Exchange Server. There’s also a community discussion about the issue on Reddit if you’re an IT admin who has experience with this issue.
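The int32 limit described above can be shown with a short added example (not Microsoft's code): it parses a date stamp into a 64-bit integer and narrows it to int32 only after a range check, so an out-of-range stamp is reported instead of crashing the caller. The YYMMDDHHMM layout is an assumption inferred from the value 2,201,010,001 quoted above; the function names and the 2021 sample stamp are constructed for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: stamps are decimal YYMMDDHHMM, as the quoted value 2201010001 suggests. */
typedef enum { STAMP_OK = 0, STAMP_MALFORMED = -1, STAMP_OUT_OF_RANGE = -2 } stamp_status;

/* Parse a decimal stamp into 64 bits, rejecting empty, signed-negative and non-digit input. */
stamp_status parse_stamp64(const char *text, int64_t *out) {
    char *end = NULL;
    errno = 0;
    long long v = strtoll(text, &end, 10);
    if (end == text || *end != '\0' || v < 0) return STAMP_MALFORMED;
    if (errno == ERANGE) return STAMP_OUT_OF_RANGE;
    *out = (int64_t)v;
    return STAMP_OK;
}

/* Narrow to int32 only after an explicit range check; never wrap silently. */
stamp_status stamp_to_int32(int64_t stamp, int32_t *out) {
    if (stamp < INT32_MIN || stamp > INT32_MAX) return STAMP_OUT_OF_RANGE;
    *out = (int32_t)stamp;
    return STAMP_OK;
}

/* Compare in 64-bit space: 1 if candidate is newer, 0 if not, -1 on bad input. */
int stamp_is_newer(const char *candidate, const char *current) {
    int64_t a, b;
    if (parse_stamp64(candidate, &a) != STAMP_OK) return -1;
    if (parse_stamp64(current, &b) != STAMP_OK) return -1;
    return a > b;
}

int main(void) {
    /* Constructed samples: last minute of 2021, and the 2022 value quoted in the article. */
    const char *samples[] = { "2112312359", "2201010001" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int64_t wide = 0;
        int32_t narrow = 0;
        if (parse_stamp64(samples[i], &wide) != STAMP_OK) continue;
        stamp_status s = stamp_to_int32(wide, &narrow);
        printf("%s -> int64 %lld, int32 %s\n", samples[i], (long long)wide,
               s == STAMP_OK ? "fits" : "out of range (exceeds 2147483647)");
    }
    return 0;
}
```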