Microsoft releases a fix for Exchange bug that breaks email delivery

The exchange year 2022 bug in FIP-FS crippled email delivery service

Microsoft issues for Exchange Y2K22 get fixesThe bug crippled the email delivery service due to set of date when the year changed

Microsoft Exchange Y2K22 bug caused the issue when on-premise servers could not deliver emails. It started on January first, 2022, and the issue was named the Year 2022 bug.[1] It was the date validation error related to the date checking failure, so it occurred when the year changed exactly.[2] This is not the issue with malware scanning processes or the malware engine, and it is not related to security issues or risks.

The problem relates to a date check failure with the change of the new year and it not a failure of the engine itself.

As the reports[3] stated, this is the problem when the checking of date causes a crash of malware engine, so the messages got stuck in the transportation stage. The incident was reported, but how users got impacted and if the issue is widespread reports did not determine.

Right now, Microsoft released an emergency fix for the 2022 bug that caused issues with email delivery. Investigation showed that the email got stuck, and the Windows event log revealed errors caused.

The temporary fix for customers

The mitigation of this Y2K22 problem involves customers involvement. Microsoft recommends downloading the PowerShell-based scan engine reset script Reset-ScanEngineVersion.ps1.[4] This can be a temporary fix when executed on each Exchange mailbox server used for downloading antimalware updates.

The persecution of the command stops the Microsoft Filtering Management and Microsoft Exchange Transport services, deletes the older AV engine files, downloads the new antimalware engine, and starts the service from scratch. Microsoft also warns that this process might take some time, especially depending on the size of the organization.

There also are some steps for the admins that can update the scanning engine manually themselves. After implementing these changes, the email service should work as it is supposed to. It may take some time due to the stuck queue.

The newly updated scanning engine is fully supported by Microsoft. While we need to work on this sequence longer term, the scanning engine version was not rolled back, rather it was rolled forward into this new sequence.

Microsoft bug issues in 2021

2021 was a big year for cyber security, including major data breaches[5] hitting various companies and sites. Also, Microsoft has been busy fixing multiple zero-day bugs, security issues. November 2021 Patch Tuesday solved 55 bugs known and made public before the release.[6] Some of those flaws have been successfully exploited in the wild.

Some of the most critical and unique vulnerabilities discovered in the last year involved the ones that impacted the Microsft Exchange Server due to the improper validation of cmdlet arguments. Active exploits used the flaw with the 7.7 severity crate.

Cybersecurity researchers also detected issues with Microsoft Excel. The particular issue was related to circumventing security controls. One of the more dangerous bugs was found used to trigger RCE. This 3D flaw could have been exploited locally. In 2018, Microsoft only fixed 691 CVE flaws.

The issues with cybersecurity can still occur in 2022. There are things that need to be taken into consideration. It is important to address risk from third parties and legacy vendors. Proactive cybersecurity for cloud migration and software development should also be important.

Unfortunately, for everyday users, ransomware has been breaking havoc the whole year 2021 and it does not seem to stop in 2022. Deadly ransomware gangs emerged last year and adopted many new tactics that helped them to stand out and keep persistence up. Cybersecurity solutions and antimalware software need to evolve as well as these cybercriminals and their products do.

About the author
Jake Doevan
Jake Doevan - Computer technology expert

Jake Doevan is one of News Editors for 2-spyware.com. He graduated from the Washington and Jefferson College , Communication and Journalism studies.

Contact Jake Doevan
About the company Esolutions

References
Files
Software
Compare