As the clock struck midnight on January 1, 2022, Microsoft had an unexpected hiccup with its Exchange servers. Apparently, the servers weren’t able to process the new date, which meant the servers couldn’t process mail. Cyber security analysts noticed the issue after Microsoft scheduled a patch to allow for processing the new date, but the patch didn’t deliver.
According to Marius Sandbu, a manager for the Norwegian firm Sopra Steria, Microsoft uses a date format of "YYMMDDHHMM". When the new year’s date is converted to a signed 32-bit integer (int32), the new value of 2,201,010,001 exceeds the maximum value of the ‘long’ int, which is 2,147,483,647. This resulted in an integer overflow that crashed Exchange servers, causing emails to get stuck in the transport queues of on-premises Exchange servers.
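The overflow described above, as an added C example (not Microsoft's code and not part of the original article): it parses a "YYMMDDHHMM" stamp, refuses to narrow it into a signed 32-bit integer when it exceeds 2,147,483,647, and compares stamps in 64 bits instead. The function names, status codes and the sample stamp 2112312359 are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { VER_OK = 0, VER_MALFORMED = -1, VER_OUT_OF_RANGE = -2 };

/* Parse a "YYMMDDHHMM" stamp (exactly 10 ASCII digits) into 64 bits.
 * The largest 10-digit value, 9999999999, fits easily in int64_t. */
static int parse_stamp64(const char *s, int64_t *out)
{
    if (s == NULL || strlen(s) != 10) return VER_MALFORMED;
    int64_t v = 0;
    for (size_t i = 0; i < 10; i++) {
        if (s[i] < '0' || s[i] > '9') return VER_MALFORMED;
        v = v * 10 + (s[i] - '0');
    }
    *out = v;
    return VER_OK;
}

/* Checked narrowing: report the overflow instead of wrapping or crashing. */
int stamp_to_int32(const char *s, int32_t *out)
{
    int64_t v;
    int rc = parse_stamp64(s, &v);
    if (rc != VER_OK) return rc;
    if (v > INT32_MAX) return VER_OUT_OF_RANGE;   /* above 2,147,483,647 */
    *out = (int32_t)v;
    return VER_OK;
}

/* Version comparison done in 64 bits: 1 if a is newer than b, 0 if not,
 * VER_MALFORMED if either stamp is invalid. */
int stamp_is_newer(const char *a, const char *b)
{
    int64_t va, vb;
    if (parse_stamp64(a, &va) != VER_OK || parse_stamp64(b, &vb) != VER_OK)
        return VER_MALFORMED;
    return va > vb;
}

int main(void)
{
    int32_t v = 0;  /* both stamps below are constructed sample input */
    printf("2112312359 -> rc=%d\n", stamp_to_int32("2112312359", &v));
    printf("2201010001 -> rc=%d\n", stamp_to_int32("2201010001", &v));
    return 0;
}
```

A stamp from December 2021 narrows cleanly, while the first stamp of 2022 is reported as out of range rather than silently wrapped; the 64-bit comparison still orders the two correctly.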
The error affects Exchange Servers 2013, 2016, and 2019. Additionally, the version checking performed against the signature file caused the malware engine to crash, which means the mail is getting stuck during transport. Microsoft issued a statement addressing the issue and stated that the Exchange Server bug is a date check failure and is not an issue with malware scanning or the malware engine.
Microsoft has since resolved the date issue, but the fix requires some effort on the consumers’ part. The company stated that when the date issue occurs, you’ll see errors in the Application event log on the Exchange Server: events 5300 and 1106 (FIPFS). They have issued an automated fix and a manual fix that you can find below. Looks like Y2K22 ended before it really got started.
How Avertium is Protecting Our Customers
Some cyber security professionals are using a stop-gap solution to mitigate this problem: disabling malware scanning on their Exchange Servers. This leaves users and servers vulnerable to an attack. Avertium offers the following services to help protect your organization:
Microsoft recommends the following automated solution:
Microsoft recommends the following manual solution:
To manually resolve this issue, you must perform the following steps on each Exchange mailbox server in your organization that downloads antimalware updates.