Microsoft Exchange on-premise servers cannot deliver emails starting on January 1st, 2022, due to a bug in the FIP-FS anti-malware scanning engine dubbed Y2k22 bug.
FIP-FS is the anti-malware scanning engine used by Microsoft to protect its users, it was used starting with Exchange Server 2013. The security researcher Joseph Roosen explained that the root cause of the issue is the use of a signed int32 variable to store the value of a date, which has a maximum value of 2,147,483,647.
This means that dates related to 2022, having a minimum value of 2,201,010,001 or larger, can be stored in the signed int32 variable. The scanning engine fails to handle the date and generates an 1106 error as visible in the Exchange Server’s Event Log.
“The FIP-FS “Microsoft” Scan Engine failed to load.” “Error Code: 0x80004005. Error Description: Can’t convert “2201010003”
In order to fix the Y2k22 bug Microsoft will have to use a larger variable to handle the date.
Administrators of on-premise Exchange Servers instances can disable the FIP-FS scanning engine as a workaround and allow email to restore the mail flow.
“I’ve tried forcing it to check for another update, but it returned “MS Filtering Engine Update process has not detected any new scan engine updates”. … I’ve temporarily disabled anti-malware scanning, to restore mail flow for now.” reads a discussion on Reddit.
Microsoft is currently aware of the Y2k22 but and is working on a fix.
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Y2k22)
[adrotate banner=”5″]
[adrotate banner=”13″]
A critical vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and…
As cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement…
Healthcare service provider Kaiser Permanente disclosed a security breach that may impact 13.4 million individuals…
Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks exploiting recently disclosed CVE-2024-4040 vulnerability. Over…
A ransomware attack on a Swedish logistics company Skanlog severely impacted the country's liquor supply. …
CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities…
This website uses cookies.