Microsoft Exchange on-premise servers cannot deliver emails starting on January 1st, 2022, due to a bug in the FIP-FS anti-malware scanning engine dubbed Y2k22 bug.
FIP-FS is the anti-malware scanning engine used by Microsoft to protect its users, it was used starting with Exchange Server 2013. The security researcher Joseph Roosen explained that the root cause of the issue is the use of a signed int32 variable to store the value of a date, which has a maximum value of 2,147,483,647.
This means that dates related to 2022, having a minimum value of 2,201,010,001 or larger, can be stored in the signed int32 variable. The scanning engine fails to handle the date and generates an 1106 error as visible in the Exchange Server’s Event Log.
“The FIP-FS “Microsoft” Scan Engine failed to load.” “Error Code: 0x80004005. Error Description: Can’t convert “2201010003”
In order to fix the Y2k22 bug Microsoft will have to use a larger variable to handle the date.
Administrators of on-premise Exchange Servers instances can disable the FIP-FS scanning engine as a workaround and allow email to restore the mail flow.
“I’ve tried forcing it to check for another update, but it returned “MS Filtering Engine Update process has not detected any new scan engine updates”. … I’ve temporarily disabled anti-malware scanning, to restore mail flow for now.” reads a discussion on Reddit.
Microsoft is currently aware of the Y2k22 but and is working on a fix.
Follow me on Twitter: @securityaffairs and Facebook
|[adrotate banner=”9″]||[adrotate banner=”12″]|
(SecurityAffairs – hacking, Y2k22)