Microsoft has rolled out an emergency fix for the Exchange bug that broke email delivery for on-premises Exchange 2016 and 2019 servers.
On January 1, 2022, Exchange admins across the globe found that their servers were no longer delivering email. After investigating the issue, the admins found that mail was getting stuck in the queue and the Windows event log showed the following errors.
Log Name: Application
Logged: 1/1/2022 1:03:42 AM
Event ID: 5300
Description: The FIP-FS "Microsoft" Scan Engine failed to load. PID: 23092, Error Code: 0x80004005. Error Description: Can't convert "2201010001" to long.
Log Name: Application
Logged: 1/1/2022 11:47:16 AM
Event ID: 1106
Description: The FIP-FS Scan Process failed initialization. Error: 0x80004005. Error Details: Unspecified error.
Bleeping Computer reports that the FIP-FS antivirus scanning engine is trying to store the date value in a signed int32 variable, which leads to the Microsoft Exchange Y2K22 bug.
A signed int32 variable can store a maximum value of 2,147,483,647. The new date value of 2,201,010,001 for January 1st, 2022 exceeds that maximum, so whenever Microsoft Exchange tries to check the AV scanning version, it triggers an error which eventually causes the malware engine to crash.
Meanwhile, Microsoft in its blog post explained that the version checking performed against the signature file is causing the malware engine to crash, resulting in messages being stuck in transport queues.
Microsoft Releases fix for Exchange Y2K22 Bug
Microsoft has rolled out a temporary fix for the issue and is said to be working on the update that automatically solves this issue.
A PowerShell script named Reset-ScanEngineVersion.ps1 has been rolled out to fix this issue. The script pauses two services, replaces the older antivirus engine files with newer ones, uses a new number sequence, and restarts operations.
To apply the script onto an on-premise Microsoft Exchange server in your organization, follow the below-mentioned steps:
- Download the PowerShell script from https://aka.ms/ResetScanEngineVersion.
- Open an elevated Exchange Management Shell.
- Change the execution policy for PowerShell scripts by running Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
- Now, run the script on every Exchange mailbox server in your organization.
Microsoft further notes that the solution will take a while depending on the size of your organization.
Furthermore, Microsoft explains that the new Antivirus scanning engine will be version number 2112330001, which references a date that doesn’t exist. So admins don’t need to worry.
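The overflow described above, and why 2112330001 works as a stopgap, shown as an added C example (not Microsoft's code and not part of the original article): it tests whether a version string survives conversion to a signed 32-bit integer and does the ordering comparison in 64 bits instead. The function names and the sample value 2112310001 are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse a decimal version string into 64 bits; returns -1 on malformed input. */
int64_t parse_version(const char *s)
{
    char *end;
    errno = 0;
    long long v = strtoll(s, &end, 10);
    if (errno != 0 || end == s || *end != '\0' || v < 0)
        return -1;
    return (int64_t)v;
}

/* 1 if the version survives conversion to a signed 32-bit value (the width
   named in the article), 0 if it overflows or is malformed. */
int fits_int32(const char *s)
{
    int64_t v = parse_version(s);
    return v >= 0 && v <= INT32_MAX;
}

/* Compare in 64 bits so a 2022-dated version still orders correctly.
   Returns 1 if candidate is newer, 0 if not, -1 on malformed input. */
int is_newer(const char *current, const char *candidate)
{
    int64_t a = parse_version(current), b = parse_version(candidate);
    if (a < 0 || b < 0)
        return -1;
    return b > a;
}

int main(void)
{
    /* 2201010001 and 2112330001 come from the article;
       2112310001 is a constructed December 2021 value. */
    const char *samples[] = { "2112310001", "2201010001", "2112330001" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%s  int32: %-8s newer than 2112310001: %d\n", samples[i],
               fits_int32(samples[i]) ? "ok" : "overflow",
               is_newer("2112310001", samples[i]));
    return 0;
}
```

The stopgap number stays below 2,147,483,647 while still sorting above every real December 2021 value, which is why it loads on an engine that has not been changed.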