Microsoft Issues Fix for Exchange Y2K22 Bug That Crippled Email Delivery Service

Introduction: The Exchange Y2K22 bug relates mainly to a date check failure in Microsoft’s email service and is not security-related. The bug shut down on-premises mail delivery and stops users from accessing their inboxes. The good news is Microsoft has responded with both a manual and automated fix.

Main Concern: As the year 2022 came in and the clock struck midnight, Exchange administrators across the world found that their servers were Not able to send the emails. Subsequent to analysis, they observed that Mails were not getting sent or received instead they were stuck in the queue of the mail server, and the Windows event log showed the following error in the logs.

Log Name: Application

Source: FIPFS

Logged: 1/1/2022 1:03:42 AM

Event ID: 5300

Level: Error

Computer: server1.contoso.com

Description: The FIP-FS “Microsoft” Scan Engine failed to load. PID: 23092, Error Code: 0x80004005. Error Description: Can’t convert “2201010001” to long.

Log Name: Application

Source: FIPFS

Logged: 1/1/2022 11:47:16 AM

Event ID: 1106

Level: Error

Computer: server1.contoso.com

Description: The FIP-FS Scan Process failed initialization. Error: 0x80004005. Error Details: Unspecified error.

The manner in which Microsoft dates refreshes (Year/Month/Day design) didn’t observe that it had a self-assertive restriction of 2147483647.

So, when the update named 220101001 was deployed, it overshot the limit and failed date checks. This affected Exchange versions 2016 and 2019.

Microsoft noticed that the issue was caused due to the date issue in the signature record utilized by the malware filtering motor inside Exchange Server.

Recommendations :

Microsoft has released a temporary fix requiring Users to take action while working on an update that automatically fixes the issue.

Microsoft is recommending customers to download a PowerShell-based scan engine reset script called “Reset-ScanEngineVersion.ps1” that can then be executed on each Exchange mailbox server used for downloading antimalware updates.

For using the automated script and applying the fix, follow these steps

  1. Download the Reset-ScanEngineVersion.ps1 script from https://aka.ms/ResetScanEngineVersion.
  2. Open an elevated Exchange Management Shell.