Microsoft Exchange users were surprised when emails could not be delivered on January 1st, 2022.
Microsoft Exchange servers from 2013 onwards come with the handy FIP-FS scanning tool turned on by default to ensure no malicious mail gets through. What nobody expected was a date-check failure in this anti-malware scanning engine that would stop the delivery of email from the New Year, baffling IT teams around the world!
Security Researcher Joseph Roosen, quoted by Bleepingcomputer.com, attributed the bug to Microsoft using a signed Int32 variable to store the date, whose maximum value is not large enough to hold dates for the year 2022. This caused emails to get stuck in the transport queue, unable to be scanned for malware.
The maximum value of a signed 32-bit integer is 2147483647. Microsoft uses the first two digits to mark the version year, which was fine through '21. With 2022, the version number begins with "22" and no longer fits. Microsoft's workaround keeps the version number beginning with "21" to stay within the limits of the bug, leading one smart Reddit user to wish everybody "Happy December 33, 2021!"
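The overflow described above can be reproduced with a range-checked parser. This is an added example, not Microsoft's code: the ten-digit YYMMDDNNNN layout, the function names and the sample stamps are assumptions constructed from the description in this article.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed layout, for illustration only: YYMMDDNNNN (year, month, day, sequence). */
int64_t make_stamp(int yy, int mm, int dd, int seq) {
    return (((int64_t)yy * 100 + mm) * 100 + dd) * 10000 + seq;
}

/* Parse a decimal stamp with strict validation. Returns 0 on success, -1 if malformed. */
int parse_stamp_i64(const char *s, int64_t *out) {
    char *end;
    errno = 0;
    long long v = strtoll(s, &end, 10);
    if (errno != 0 || end == s || *end != '\0')
        return -1;
    *out = (int64_t)v;
    return 0;
}

/* Same parse into a signed 32-bit destination: values above INT32_MAX
 * are rejected instead of being silently truncated. */
int parse_stamp_i32(const char *s, int32_t *out) {
    int64_t v;
    if (parse_stamp_i64(s, &v) != 0 || v < INT32_MIN || v > INT32_MAX)
        return -1;
    *out = (int32_t)v;
    return 0;
}

int main(void) {
    /* Constructed samples: last day of 2021, first day of 2022,
     * and a "December 33, 2021" style workaround stamp. */
    const char *samples[] = { "2112310001", "2201010001", "2112330001" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int32_t v32;
        int64_t v64;
        int ok32 = parse_stamp_i32(samples[i], &v32) == 0;
        int ok64 = parse_stamp_i64(samples[i], &v64) == 0;
        printf("%s  int32: %-8s int64: %s\n", samples[i],
               ok32 ? "ok" : "overflow", ok64 ? "ok" : "error");
    }
    return 0;
}
```

Only the stamp beginning with "22" fails the 32-bit parse, while the 64-bit parse accepts all three.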
Microsoft has recommended disabling the scanner tool in order to bypass the problem, using the following commands (replace <ServerName> with the name of your Exchange server):
Set-MalwareFilteringServer -Identity <ServerName> -BypassFiltering $true
Restart-Service MSExchangeTransport
Microsoft will need to release an update to Exchange servers that uses a variable larger than Int32 to really fix the problem. If you do disable the scanning engine, make sure you have another option at the ready to minimize the risk of malicious emails coming through.
Be ready for any surprises 2022 may bring with a thorough Cyber Risk Assessment from Centraleyes.