Microsoft has released an emergency fix for a year 2022 bug that interrupts email delivery to on-premises Microsoft Exchange servers.
As the year 2022 rolled around and the clock struck midnight, Exchange admins around the world discovered that their servers were no longer delivering email. Upon investigation, they discovered that the mail was getting stuck in the queue and the Windows event log showed one of the following errors.
Log Name: Application Source: FIPFS Logged: 1/1/2022 1:03:42 AM Event ID: 5300 Level: Error Computer: server1.contoso.com Description: The FIP-FS "Microsoft" Scan Engine failed to load. PID: 23092, Error Code: 0x80004005. Error Description: Can't convert "2201010001" to long.
Log Name: Application Source: FIPFS Logged: 1/1/2022 11:47:16 AM Event ID: 1106 Level: Error Computer: server1.contoso.com Description: The FIP-FS Scan Process failed initialization. Error: 0x80004005. Error Details: Unspecified error.
These errors are caused by Microsoft Exchange checking the version of the FIP-FS virus scanning engine and attempting to store the date in a signed int32 variable.
However, this variable can only store a maximum value of 201 010 001, which is less than the new date value of 201 010 001 for January 1, 2022, at midnight.
For this reason, when Microsoft Exchange tries to check the version of the virus scan, it generates a bug and causes the malware engine to crash.
“The version check performed against the signature file causes the malware engine to crash, causing messages to hang in transport queues,” Microsoft explained in a blog post.
Microsoft releases interim fix
Microsoft has released an interim fix that requires customer action while working on an update that automatically fixes the issue.
This fix comes in the form of a PowerShell script named “Reset-ScanEngineVersion.ps1”. Once executed, the script will stop the Microsoft Filtering Management and Microsoft Exchange Transport services, remove the old AV engine files, download the new AV engine, and restart the services.
To use the automated script to apply the hotfix, you can follow these steps on each on-premises Microsoft Exchange server in your organization:
- Download the Reset-ScanEngineVersion.ps1 script from https://aka.ms/ResetScanEngineVersion.
- Open an elevated Exchange Management Shell.
- Change the PowerShell script execution policy by running Set-ExecutionPolicy -ExecutionPolicy RemoteSigned.
- Run the script.
- If you previously disabled the scan engine, re-enable it using the Enable-AntimalwareScanning.ps1 scenario.
Microsoft cautions that this process can take some time, depending on the size of the organization.
Microsoft has also provided steps that administrators can use to update the scan engine manually.
After running the script, Microsoft reports that emails will start delivering again, but it may take some time depending on the amount of emails stuck in the queue.
Microsoft also explains that the new AV scan engine will carry the version number 2112330001, which refers to a date that doesn’t exist and that admins don’t have to worry about.
“The recently updated scan engine is fully supported by Microsoft. Although we have to work on this sequence in the longer term, the version of the scan engine has not been canceled, but has been incorporated into this new sequence, ”explained Microsoft.
“The scan engine will continue to receive updates in this new sequence.”
- Microsoft Fixes Insane Exchange Y2K22 Bug That Disrupted Global Messaging
- Microsoft Exchange year 2022 bug in FIP-FS interrupts email delivery
- Microsoft urges Exchange admins to fix wild-exploited bug
- Exploit released for Microsoft Exchange RCE bug, fix now
- How to Setup System Environment Variables in Windows?