The bug that caused a number of New Year’s Eve emails to get stuck in a queue has finally been fixed, Microsoft says.
The bug prevented emails on on-prem Microsoft Exchange servers from being delivered, due to an error with the dates. As reported by BleepingComputer, early investigation into the bug discovered that the Microsoft Exchange email service was checking the version of the FIP-FS antivirus scanning engine and tried to store the date in a signed int32 variable. The variable can store a value of up to 2,147,483,647, which is less than the new date value of 2,201,010,001, for January 1, 2022.
As a result, Microsoft Exchange's attempts to check the antivirus scanning version would trigger a bug that crashes the malware engine.
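The range problem described above, as an added example (not Microsoft's code): a checked parse that rejects a version value too large for a signed int32, plus a search for the first year at which the encoding stops fitting. The YYMMDDnnnn layout is an assumption inferred from the value 2,201,010,001 quoted for January 1, 2022, and all function names are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed layout YYMMDDnnnn, inferred from the page's 2,201,010,001 for
 * January 1, 2022 (two-digit year, month, day, four-digit suffix). */
static long long encode_version(int yy, int mm, int dd, int suffix) {
    return yy * 100000000LL + mm * 1000000LL + dd * 10000LL + suffix;
}

/* Checked parse into a signed 32-bit value.
 * Returns 0 on success, -1 if malformed, -2 if out of int32 range. */
static int parse_version_checked(const char *s, int32_t *out) {
    char *end;
    long long v;

    errno = 0;
    v = strtoll(s, &end, 10);
    if (end == s || *end != '\0')
        return -1;
    if (errno == ERANGE || v < INT32_MIN || v > INT32_MAX)
        return -2;
    *out = (int32_t)v;
    return 0;
}

/* First two-digit year whose January 1 version no longer fits in int32. */
static int first_overflow_year(void) {
    for (int yy = 0; yy < 100; yy++)
        if (encode_version(yy, 1, 1, 1) > INT32_MAX)
            return yy;
    return -1;
}

int main(void) {
    /* Constructed samples: last day of 2021, then the value from the page. */
    const char *samples[] = { "2112310001", "2201010001" };
    for (int i = 0; i < 2; i++) {
        int32_t v = 0;
        int rc = parse_version_checked(samples[i], &v);
        printf("%s -> rc=%d%s\n", samples[i], rc,
               rc == -2 ? " (exceeds INT32_MAX, reject instead of crashing)" : "");
    }
    printf("first overflowing year: %d\n", first_overflow_year());
    return 0;
}
```

Every valid 2021 date stays below 2,147,483,647 under this layout, which is why the failure appeared exactly at the year rollover.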
Fixing email woes
"The version checking performed against the signature file is causing the malware engine to crash, resulting in messages being stuck in transport queues," Microsoft explained in a blog post.
The current fix is a workaround that requires customer action, as Microsoft is still working on an update to automatically fix the issue.
To temporarily remedy the problem, admins need to run a PowerShell script called “Reset-ScanEngineVersion.ps1”. Executing the script will stop the Microsoft Filtering Management and Microsoft Exchange Transport services, delete older antivirus engine files, download the new engine and restart the services.
Here are the steps admins need to take on each on-prem Microsoft Exchange server:
- Download the Reset-ScanEngineVersion.ps1 script from https://aka.ms/ResetScanEngineVersion.
- Open an elevated Exchange Management Shell.
- Change the execution policy for PowerShell scripts by running Set-ExecutionPolicy -ExecutionPolicy RemoteSigned.
- Run the script.
- If you had previously disabled the scanning engine, enable it again using the Enable-AntimalwareScanning.ps1 script.
The process may take a little time, depending on the organization’s size, Microsoft has warned. The number of emails stuck in the queue will also determine how fast the problem gets resolved.