
FIP-FS Bug In Microsoft Exchange Year 2022 Disturbs Email Delivery.

According to numerous reports from Microsoft Exchange administrators around the world, a bug in the FIP-FS engine is preventing email delivery on on-premises servers, beginning at midnight on January 1st, 2022.

The issue is caused by Exchange’s malware scanning engine, which checks the version of that software before attempting to write the date into a variable. However, the maximum value of that variable is 2,147,483,647 and the value Exchange tries to write – 2,201,010,001, to reflect the date of January 1st, 2022, at midnight – exceeds the variable’s maximum threshold.

As a result, when the malware engine reads the variable, it crashes.
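The overflow described above, as an added C example that is not Microsoft's code or part of the original article: it parses a version stamp and narrows it to a signed 32-bit variable only after a range check, so an oversized value is rejected instead of being stored. The function names and the 2021-dated sample value are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse a decimal version stamp (ten digits in the article's example) into a
 * 64-bit value. Returns -1 for empty, non-numeric or negative input. */
int64_t parse_stamp(const char *s)
{
    char *end;
    errno = 0;
    long long v = strtoll(s, &end, 10);
    if (errno != 0 || end == s || *end != '\0' || v < 0)
        return -1;
    return (int64_t)v;
}

/* Checked narrowing: store the stamp in a signed 32-bit variable only if it
 * fits. Returns 0 on success, -1 if the value is invalid or too large. */
int store_stamp_i32(int64_t stamp, int32_t *out)
{
    if (stamp < 0 || stamp > INT32_MAX)
        return -1;
    *out = (int32_t)stamp;
    return 0;
}

/* How far a stamp lies above the signed 32-bit maximum (0 if it fits). */
int64_t excess_over_i32(int64_t stamp)
{
    return stamp > INT32_MAX ? stamp - INT32_MAX : 0;
}

/* Hypothetical helper: 1 if the text is a stamp that fits in int32, else 0. */
int stamp_fits_i32(const char *s)
{
    int32_t tmp;
    return store_stamp_i32(parse_stamp(s), &tmp) == 0;
}

int main(void)
{
    /* First value is constructed (a 2021-dated stamp); the second is the
     * value quoted in the article. */
    const char *samples[] = { "2112310001", "2201010001" };
    for (size_t i = 0; i < 2; i++)
        printf("%s: fits=%d excess=%lld\n", samples[i], stamp_fits_i32(samples[i]),
               (long long)excess_over_i32(parse_stamp(samples[i])));
    return 0;
}
```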

  • Exchange backlogs mail instead of sending it because it lacks a malware scanner, which is a critical component of a mail server.

A wag on Reddit dubbed the shambles “The Y2K22 bug,” a reference to the infamous Y2K bug, which was caused by early programmers using a date format of DD/MM/YY to use less memory than a format of DD/MM/YYYY. Unfortunately, this decision resulted in the failure of many systems.

As Microsoft is still working on an update to automatically fix the issue, the current fix is a workaround that requires customer action.

Administrators must run a PowerShell script called “Reset-ScanEngineVersion.ps1” to temporarily resolve the issue. When the script is run, the Microsoft Filtering Management and Microsoft Exchange Transport services are stopped, the older antivirus engine files are deleted, the new engine is downloaded, and the services are restarted.

The following are the steps that administrators must take on each on-premises Microsoft Exchange server:

  • Go to https://aka.ms/ResetScanEngineVersion and download the Reset-ScanEngineVersion.ps1 script.
  • Launch a privileged Exchange Management Shell.
  • Run Set-ExecutionPolicy -ExecutionPolicy RemoteSigned to modify the execution policy for PowerShell scripts.
  • Execute the script.
  • If you previously disabled the scanning engine, use the Enable-AntimalwareScanning.ps1 script to re-enable it.

Finally, the researchers concluded that "Microsoft has warned that the process may take some time, depending on the size of the organisation. The number of emails in the queue will also influence how quickly the problem is resolved."
