Microsoft Exchange on-premises servers have been unable to deliver email since January 1, 2022, due to a “Year 2022” bug in the FIP-FS anti-malware scanning engine.
Beginning with Exchange Server 2013, Microsoft enabled the FIP-FS anti-spam and anti-malware scanning engine by default to protect users from malicious emails.
Microsoft Exchange Bug Y2K22
According to numerous reports from Microsoft Exchange administrators around the world, a bug in the FIP-FS engine has been blocking email delivery on on-premises servers since midnight on January 1, 2022.
Security researcher and Exchange administrator Joseph Roosen said this is because Microsoft uses a signed int32 variable to store the value of a date, which has a maximum value of 2,147,483,647.
However, dates in 2022 have a minimum value of 2,201,010,001 or more, which is greater than the maximum value that can be stored in the signed int32 variable, causing the scanning engine to fail and not release mail for delivery.
According to additional research on this problem, this occurs because Microsoft uses a signed int32 for the date, and the new date value of 2,201,010,001 is greater than the maximum value of the “long” int32 which is 2,147,483,647. @MSFTExchange – You don’t know why it was structured this way??
– Joseph Roosen (@JRoosen) January 1, 2022
When this bug is triggered, error 1106 appears in the Exchange Server event log, stating either “The FIP-FS scan process failed to initialize. Error: 0x8004005. Error Details: Unspecified Error” or “Error Code: 0x80004005. Error Description: May not convert "220100001" to long.”
Dear @msexchangeteam. The “Microsoft” FIP-FS scan engine failed to load. Cannot convert “220100001” to long.
– long wtf = 220100001; (@miketheitguy) January 1, 2022
Microsoft will need to release an Exchange Server update that uses a larger variable to hold the date in order to officially fix this bug.
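The conversion failure described above, and the wider-variable fix, can be reproduced with the following added C example (it is not Microsoft's code and not part of the original article). The function names and the two sample stamps are constructed for illustration; `int32_t` stands in for the 32-bit Windows `long`.

```c
#include <errno.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse a decimal date stamp into a signed 32-bit integer, as the reported
 * bug implies the engine does. Returns 0 on success, -1 if the text is not
 * a number or does not fit in int32 (the "convert to long" failure). */
int parse_stamp_i32(const char *text, int32_t *out)
{
    char *end;
    errno = 0;
    long long v = strtoll(text, &end, 10);
    if (errno != 0 || end == text || *end != '\0')
        return -1;
    if (v < INT32_MIN || v > INT32_MAX)
        return -1;              /* out of range for a 32-bit long */
    *out = (int32_t)v;
    return 0;
}

/* The same parse with a 64-bit target: the "larger variable" fix. */
int parse_stamp_i64(const char *text, int64_t *out)
{
    char *end;
    errno = 0;
    long long v = strtoll(text, &end, 10);
    if (errno != 0 || end == text || *end != '\0')
        return -1;
    *out = (int64_t)v;
    return 0;
}

int main(void)
{
    /* Constructed sample stamps: one from late 2021, one from 2022. */
    const char *samples[] = { "2112312359", "2201010001" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int32_t narrow = 0;
        int64_t wide = 0;
        int rc32 = parse_stamp_i32(samples[i], &narrow);
        int rc64 = parse_stamp_i64(samples[i], &wide);
        printf("%s: int32 %s, int64 %s (%" PRId64 ")\n", samples[i],
               rc32 == 0 ? "ok" : "FAILS", rc64 == 0 ? "ok" : "FAILS", wide);
    }
    return 0;
}
```

Rejecting the out-of-range value explicitly, as `parse_stamp_i32` does, fails closed; the 64-bit variant accepts the same input without loss.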
However, for currently affected on-premises Exchange servers, administrators have found that you can disable the FIP-FS scanning engine to allow emails to start being delivered again.
To disable the FIP-FS scan engine, you can run the following PowerShell commands on the Exchange server:
# <ExchangeServerName> is a placeholder for the name of your Exchange server
Set-MalwareFilteringServer -Identity <ExchangeServerName> -BypassFiltering $true
Restart-Service MSExchangeTransport
After the MSExchangeTransport service is restarted, mail will begin to be delivered again.
Unfortunately, with this unofficial fix, delivered mail will no longer be scanned by Microsoft’s scanning engine, so malicious and spam emails will be delivered to users.
Microsoft is reportedly aware of the problem and working on a fix, but there is no ETA for when it will ship.
BleepingComputer has also contacted Microsoft with questions related to the bug but has yet to receive a response.