Microsoft Exchange 2022 Vulnerability in FIP-FS Prevents Email Delivery


Because of a “Year 2022” flaw in the FIP-FS anti-malware scanning engine, on-premises Microsoft Exchange servers cannot deliver email starting January 1st, 2022. Microsoft has enabled the FIP-FS anti-spam and anti-malware scanning engine by default since Exchange Server 2013 to protect users from harmful email.

According to several reports from Microsoft Exchange admins worldwide, a flaw in the FIP-FS engine is stopping email delivery on on-premises servers starting at midnight on January 1st, 2022. According to security researcher and Exchange admin Joseph Roosen, Microsoft uses a signed int32 variable to store the value of a date, and that type has a maximum value of 2,147,483,647.

Dates in 2022, on the other hand, have a minimum value of 2,201,010,001, which is larger than the maximum value that can be stored in a signed int32 variable. The conversion fails, the scanning engine fails with it, and the message is not released for delivery.

When this problem is triggered, an 1106 error is logged in the Exchange Server’s Event Log, stating either “The FIP-FS Scan Process failed initialization. Error: 0x8004005. Error Details: Unspecified Error” or “Error Code: 0x80004005. Error Description: Can’t convert “2201010001” to long.”
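The failing conversion can be reproduced in a few lines. The following is an added example, not Microsoft's code or code from the original article: it parses the value from the error message into a signed 32-bit field with a range check, then into a 64-bit field. The ten-digit layout (two-digit year, month, day, four-digit suffix) and all function names are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed layout (not stated on the page): YYMMDD followed by a 4-digit suffix. */
static int64_t encode_stamp(int yy, int mm, int dd, int suffix) {
    return (((int64_t)yy * 100 + mm) * 100 + dd) * 10000 + suffix;
}

/* Strict decimal parse into 64 bits; returns 0 on success, -1 on bad input. */
static int parse_i64(const char *s, int64_t *out) {
    char *end;
    errno = 0;
    long long v = strtoll(s, &end, 10);
    if (end == s || *end != '\0' || errno == ERANGE)
        return -1;
    *out = v;
    return 0;
}

/* Same parse into a signed 32-bit field: rejects out-of-range values
 * instead of silently truncating them. */
static int parse_i32(const char *s, int32_t *out) {
    int64_t v;
    if (parse_i64(s, &v) != 0 || v < INT32_MIN || v > INT32_MAX)
        return -1;
    *out = (int32_t)v;
    return 0;
}

/* First two-digit year whose 1 January value no longer fits in int32. */
static int first_failing_year(void) {
    for (int yy = 0; yy < 100; yy++)
        if (encode_stamp(yy, 1, 1, 1) > INT32_MAX)
            return yy;
    return -1;
}

int main(void) {
    /* First value is constructed (largest 2021 value); second is from the error text. */
    const char *s[] = { "2112319999", "2201010001" };
    int32_t a; int64_t b;
    for (int i = 0; i < 2; i++)
        printf("%s int32:%d int64:%d\n", s[i], parse_i32(s[i], &a), parse_i64(s[i], &b));
    printf("first failing year: 20%02d\n", first_failing_year());
    return 0;
}
```

Every value of this form dated 2021 fits in 32 bits, which is why the failure appears exactly at the year boundary.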

To officially fix this error, Microsoft will need to release an Exchange Server update that uses a larger variable to hold the date. However, for on-premises Exchange Servers that are currently affected, administrators have discovered that disabling the FIP-FS scanning engine allows email delivery to resume.

On the Exchange Server, use the following PowerShell commands to bypass the FIP-FS scanning engine, replacing <ServerName> with the name of your Exchange server:

Set-MalwareFilteringServer -Identity <ServerName> -BypassFiltering $true

Restart-Service MSExchangeTransport

After the MSExchangeTransport service is restarted, mail will start being delivered again.

Unfortunately, with this unofficial workaround in place, mail will no longer be inspected by Microsoft’s scanning engine, so more malicious email and spam will reach users. Microsoft has confirmed that a patch is in the works, and further information will be provided later.

About the author

CIM Team
