Microsoft Releases Emergency Fix for Exchange Year 2022 Bug

Microsoft has released an emergency fix for a year 2022 bug that interrupts email delivery to on-premises Microsoft Exchange servers.

As the year 2022 rolled around and the clock struck midnight, Exchange admins around the world discovered that their servers were no longer delivering email. Upon investigation, they discovered that the mail was getting stuck in the queue and the Windows event log showed one of the following errors.

Log Name: Application 
Source: FIPFS 
Logged: 1/1/2022 1:03:42 AM 
Event ID: 5300 
Level: Error 
Computer: server1.contoso.com
Description: The FIP-FS "Microsoft" Scan Engine failed to load. PID: 23092, Error Code: 0x80004005. Error Description: Can't convert "2201010001" to long.

Log Name: Application 
Source: FIPFS 
Logged: 1/1/2022 11:47:16 AM 
Event ID: 1106 
Level: Error 
Computer: server1.contoso.com 
Description: The FIP-FS Scan Process failed initialization. Error: 0x80004005. Error Details: Unspecified error.

These errors are caused by Microsoft Exchange checking the version of the FIP-FS virus scanning engine and attempting to store the date in a signed int32 variable.

However, this variable can only store a maximum value of 201 010 001, which is less than the new date value of 201 010 001 for January 1, 2022, at midnight.

For this reason, when Microsoft Exchange tries to check the version of the virus scan, it generates a bug and causes the malware engine to crash.

“The version check performed against the signature file causes the malware engine to crash, causing messages to hang in transport queues,” Microsoft explained in a blog post.

Microsoft releases interim fix

Microsoft has released an interim fix that requires customer action while working on an update that automatically fixes the issue.

This fix comes in the form of a PowerShell script named “Reset-ScanEngineVersion.ps1”. Once executed, the script will stop the Microsoft Filtering Management and Microsoft Exchange Transport services, remove the old AV engine files, download the new AV engine, and restart the services.

To use the automated script to apply the hotfix, you can follow these steps on each on-premises Microsoft Exchange server in your organization:

1. Download the Reset-ScanEngineVersion.ps1 script from https://aka.ms/ResetScanEngineVersion.
2. Open an elevated Exchange Management Shell.
3. Change the PowerShell script execution policy by running Set-ExecutionPolicy -ExecutionPolicy RemoteSigned.
4. Run the script.
5. If you previously disabled the scan engine, re-enable it using the Enable-AntimalwareScanning.ps1 scenario.

Microsoft cautions that this process can take some time, depending on the size of the organization.

Microsoft has also provided steps that administrators can use to update the scan engine manually.

After running the script, Microsoft reports that emails will start delivering again, but it may take some time depending on the amount of emails stuck in the queue.

Microsoft also explains that the new AV scan engine will carry the version number 2112330001, which refers to a date that doesn’t exist and that admins don’t have to worry about.

“The recently updated scan engine is fully supported by Microsoft. Although we have to work on this sequence in the longer term, the version of the scan engine has not been canceled, but has been incorporated into this new sequence, ”explained Microsoft.

“The scan engine will continue to receive updates in this new sequence.”