Security vendor SonicWall confirmed that some of its Email Security and firewall products have been impacted by the Y2K22 bug.
According to the company, starting January 1, 2022, its Email Security products began experiencing an issue causing junk box and message log updates to fail.
The administrators and email users will be unable to access the junk box or un-junk new emails and to trace the incoming/outgoing emails through message logs.
In order to address the problem, on January 2nd, SonicWall released updates to North American and European instances of Hosted Email Security. The vendor also released fixes for its on-premises Email Security Appliance (ES 10.0.15) and customers using firewalls with the Anti-Spam Junk Store functionality toggled on (Junk Store 7.6.9).
“Firewall Anti-Spam Junk Store: FIX RELEASED – Customers using Anti-Spam Junk Store functionality on firewalls running SonicOS 6.x should upgrade to the latest Junk Store 7.6.9. Junk Store 7.6.9 installer is posted under SonicOS 6.5.x firmware in MySonicWall downloads section for TZ, NSA and SOHO platforms. Customers using SonicOS 7.x on any platform are not impacted.” reads the security advisory.
The first company confirming the Y2K22 bug was Microsoft, the IT giant has recently rolled out an emergency fix that addresses the Y2k22 bug that is breaking email delivery on on-premise Microsoft Exchange servers since January 1st, 2022.
The problem is caused by a bug in the FIP-FS anti-malware scanning engine. FIP-FS is the anti-malware scanning engine used by Microsoft to protect its users, it was used starting with Exchange Server 2013. The security researcher Joseph Roosen explained that the root cause of the issue is the use of a signed int32 variable to store the value of a date, which has a maximum value of 2,147,483,647.
This means that dates related to 2022, having a minimum value of 2,201,010,001 or larger, can be stored in the signed int32 variable. The scanning engine fails to handle the date and generates an 1106 error as visible in the Exchange Server’s Event Log.
The fix released by Microsoft is temporary, it addresses the problem while the IT giant is working on a final update.
Microsoft released a PowerShell script (‘Reset-ScanEngineVersion.ps1’) that could be executed to stop the Microsoft Filtering Management and Microsoft Exchange Transport services. It also deletes older AV engine files, download the new AV engine and restart the services.
(SecurityAffairs – hacking, IKEA)