Microsoft issues a fix for on-prem Exchange mail servers

News Analysis
Jan 05, 2022 · 2 mins
Microsoft, Servers

Due to a date issue, Exchange email was being queued up instead of sent.

Microsoft Exchange admins got a bit of a rude surprise as the new year rang in, with a “latent date issue” striking the on-premises versions of Exchange Server 2016 and 2019 that saw emails queued up instead of being distributed to inboxes.

The problem lay with Exchange’s malware scanning engine. However, Microsoft took great pains to emphasize in a blog post from the Exchange team that the problem relates to a date-check failure with the new year and is not a failure of the antivirus scanning engine itself, nor is it a security issue.

Exchange’s FIP-FS AV checks the version of the Exchange software and then tries to write the date into a signed int32 variable. However, the variable’s maximum value is lower than the value that represents January 1, 2022, causing the malware engine to crash.
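An added illustration of the failure described above, not code from Microsoft or from this article: it assumes the version is a ten-digit decimal stamp of the form YYMMDDHHMM (an assumption; the article does not give the format) and shows why such a stamp stops fitting a signed int32 on January 1, 2022, next to a parser that validates the fields and stores the value in 64 bits. All function names and sample stamps are hypothetical.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum status { STAMP_OK, STAMP_MALFORMED, STAMP_OUT_OF_RANGE };

/* Assumed stamp layout (not stated in the article): ten decimal digits, YYMMDDHHMM. */

/* Fragile pattern: the stamp must fit a signed 32-bit integer (max 2147483647). */
enum status parse_stamp_i32(const char *s, int32_t *out) {
    char *end;
    errno = 0;
    long long v = strtoll(s, &end, 10);
    if (end == s || *end != '\0') return STAMP_MALFORMED;
    if (errno == ERANGE || v < INT32_MIN || v > INT32_MAX) return STAMP_OUT_OF_RANGE;
    *out = (int32_t)v;
    return STAMP_OK;
}

/* Two-digit decimal field starting at offset i. */
static int field(const char *s, int i) { return (s[i] - '0') * 10 + (s[i + 1] - '0'); }

/* Hardened pattern: validate every field, then store the stamp in 64 bits. */
enum status parse_stamp_i64(const char *s, int64_t *out) {
    if (strlen(s) != 10) return STAMP_MALFORMED;
    for (int i = 0; i < 10; i++)
        if (!isdigit((unsigned char)s[i])) return STAMP_MALFORMED;
    int mo = field(s, 2), d = field(s, 4), h = field(s, 6), mi = field(s, 8);
    if (mo < 1 || mo > 12 || d < 1 || d > 31 || h > 23 || mi > 59) return STAMP_MALFORMED;
    *out = strtoll(s, NULL, 10);
    return STAMP_OK;
}

/* First two-digit year whose earliest stamp (Jan 1, 00:00) no longer fits in int32. */
int first_overflow_year(void) {
    for (int yy = 0; yy < 100; yy++)
        if ((int64_t)yy * 100000000 + 1010000 > INT32_MAX) return yy;
    return -1;
}

int main(void) {
    int32_t a; int64_t b;
    /* Constructed sample stamps: last minute of 2021 and first minute of 2022. */
    printf("i32 2112312359 -> %d\n", parse_stamp_i32("2112312359", &a));
    printf("i32 2201010001 -> %d\n", parse_stamp_i32("2201010001", &a));
    printf("i64 2201010001 -> %d\n", parse_stamp_i64("2201010001", &b));
    printf("first overflow year: 20%02d\n", first_overflow_year());
    return 0;
}
```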

With no malware scanner, Exchange queues mail instead of sending it. It won’t send or receive mail it can’t scan.

Not every Exchange server is affected. Microsoft said organizations using Exchange Server 2019 or Exchange Server 2016 just for management of Exchange recipients don’t need to take action, and organizations that don’t connect to the Internet to get antimalware updates aren’t affected, nor is Exchange 2013.

Microsoft Issues Temporary Fix

Microsoft has released a temporary fix, but it’s rather involved; they’re working on a permanent fix. But hey, the Exchange team had to work on New Year’s Day so I’ll cut them some slack.

The fix comes in the form of a PowerShell script named Reset-ScanEngineVersion.ps1, available from the blog post. The script will stop the Microsoft Filtering Management and Microsoft Exchange Transport services, delete older AV-engine files, download the new AV engine, and restart the services.

You have a choice of running the automated script to apply the fix on each on-premises Microsoft Exchange 2016 and 2019 server in your data center, or updating the scanning engine manually. Microsoft provides instructions for both in its blog.

Microsoft warns that this process may take some time, depending on the size of the organization. It also warns that while email will start being delivered again, it may take some time depending on the amount of email that was stuck in the queue.