Microsoft Exchange Year 2022 Bug In FIP-FS Breaks Email Delivery For On Premise Severs

Happy 2022 Microsoft Exchange admins. You’re waking up to a new year with a bug that has broken your Microsoft Exchange server if you’re using an on premise server. BleepingComputer has the details:

Microsoft Exchange on-premise servers cannot deliver email starting on January 1st, 2022, due to a “Year 2022” bug in the FIP-FS anti-malware scanning engine.

Starting with Exchange Server 2013, Microsoft enabled the FIP-FS anti-spam and anti-malware scanning engine by default to protect users from malicious email. According to numerous reports from Microsoft Exchange admins worldwide, a bug in the FIP-FS engine is blocking email delivery with on-premise servers starting at midnight on January 1st, 2022.

Security researcher and Exchange admin Joseph Roosen said that this is caused by Microsoft using a signed int32 variable to store the value of a date, which has a maximum value of 2,147,483,647. However, dates in 2022 have a minimum value of 2,201,010,001 or larger, which is greater than the maximum value that can be stored in the signed int32 variable, causing the scanning engine to fail and not release mail for delivery. When this bug is triggered, an 1106 error will appear in the Exchange Server’s Event Log stating, “The FIP-FS Scan Process failed initialization. Error: 0x8004005. Error Details: Unspecified Error” or “Error Code: 0x80004005. Error Description: Can’t convert “2201010001” to long.” Microsoft will need to release an Exchange Server update that uses a larger variable to hold the date to officially fix this bug.

However, for on-premise Exchange Servers currently affected, admins have found that you can disable the FIP-FS scanning engine to allow email to start delivering again.

There’s a slight problem with that fix. If you use the unofficial fix, it will expose users to more spam, more phishing, and more malware infected email. So that’s not really a solution. However Microsoft has an actual solution:

Thus Exchange admins will need to wake up this morning and run that script before this becomes a major issue on Monday when everyone heads back to work.

It never ends does it.

Leave a Reply

%d bloggers like this: