Microsoft has confirmed that a fix is in progress for the FIP anti-virus engine (FS) on Microsoft Exchange 2016 and 2019 servers that could result in emails being hit in transit. These issues started right at the turn of the year on 2022 and were widely discussed on social media and called “Microsoft Exchange Y2K22 error. “
According to Microsoft, the core problem relates to a bug in the date check when moving from 2021 to 2022. On the more technical side, Microsoft apparently uses a signed int32 variable around the value of a date in on-premise servers with Microsoft Exchange 2016 and 2019 save. This has a maximum value of 2,147,483,647, and security researchers Joseph Roosen mentioned (via beeping computer,) Dates in 2022 have a minimum value of 2,201,010,001 or greater.
This is greater than the maximum value Microsoft stores in the signed int32 variable, and it can cause the Exchange malware scanning engine to crash and not send any emails. However, Microsoft makes it clear that this is not a bug in the Exchange anti-virus engine and is not a security issue. With the January 1 release, the company confirmed that details on how to resolve the issue would be released later. The Exchange team posted the following message:
Our engineers were working around the clock on a fix that would eliminate customer intervention, but we found that any change that did not require customer intervention would take several days to develop and deploy. We are working on another update that is in the final test validation. The update requires customer action, but offers the fastest solution.
The suggested workaround is to disable or bypass malware scanning on Exchange servers, but only if customers have a malware scanner other than Exchange’s own solution. There are two documents on this subject. One over Anti-malware protection in Exchange Server, and another about procedure for Anti-malware protection in Exchange Server. There is also a community Discussion on the topic on Reddit if you are an IT administrator who has experience with this problem.