IT administrators returning to work after the New Year’s Day bank holiday have been told by Microsoft to update every on-premise Exchange server in their organisation. While the task can be automated, Microsoft has warned that it will take some time before the bug is resolved completely.
Microsoft has rushed out a patch due to a problem impacting organisations running Exchange Server 2016 and 2019. The bug, which is similar to the Y2K millennium bug, has led to affected Exchange servers delaying messages in a system known as the on-premise transport queue.
Microsoft’s malware scanning engine is the root cause of this latest date problem. According to some reports, FIP-FS, the Microsoft malware scanning engine, has a Y2K-style date bug that misinterprets 1 January 2022. The Y2K bug, which plagued computer systems in the run-up to the changeover from 1999 to 2000, occurred because programmers used only two digits to denote a date value. This meant that computer systems were unable to determine if “00” referred to 1900 or 2000.
According to posts on Microsoft’s Tech Community forum, the MS Filtering Engine Update version “220101001” broke the engine. Apparently Microsoft used 32-bit values to denote the year (2022), month (01) and day (01) of its malware updates.
Due to the way Microsoft checks the version number, the value “2201001” causes the program error, “Cannot convert ‘220101001’, too long” in the Exchange server.
Microsoft said: “The problem relates to a date check failure with the change of the new year and it is not a failure of the AV engine itself. This is not an issue with malware scanning or the malware engine, and it is not a security-related issue. The version checking performed against the signature file is causing the malware engine to crash, resulting in messages being stuck in transport queues.”
The result of this error is that the malware scanning engine prevented email messages from being processed. Microsoft and admins on the Tech Community forum initially recommended that Exchange server admins disable the malware scanning engine to unblock the transport queue and allow email messages to be passed through.
However, Microsoft has now released a manual fix. “Implementation of the solution requires customer actions, and it will take some time to make the necessary changes, download the updated files and clear the transport queues,” the company stated in the Tech Community forum.
“Whether you perform the steps automatically or manually, they must be performed on every on-premise Exchange 2016 and Exchange 2019 server in your organisation. If you use the automated script, you can run it on multiple servers in parallel.”
Microsoft said that it would “take some time to make the necessary changes, download the updated files and clear the transport queues”.
