Microsoft's failure at the turn of the year left many without mail
The new year did not start all that well for Microsoft and its users, as an error in the date change rendered Exchange services unusable. This caused panic in some users who thought that the problem was related to a security flaw.
The failure has caused the emails to stop arriving. This was due to the fact that the couriers were "attacked" on the way and did not reach their destination.
This problem was mainly due to the anti-spam and anti-malware security engine that the company uses to filter emails. Because the system failed to process the date, all emails were trapped in the filter. In this way, the emails did not follow their way to the recipient, but remained in the filter.
The failure was not related to a security problem
Despite what was believed at first, this problem is not linked to a security flaw. This was confirmed by Microsoft in a statement they gave to the public.
The affected versions were precisely the versions of Microsoft Exchange 2016 and 2019. This glitch might remind you (in case you're old enough) to the "effect 2000" in which different computer systems crashed at the turn of the year.
This has led many to dub this problem the "2022 effect" and one that Microsoft is working to fix to date. It is expected that a patch capable of definitively solving this problem will be released in the next few days.
A more technical explanation of the problem
When an email goes through the security filter, known as FIP-FS, it analyzes the content and stores the date in a variable. The main problem lies in the way that information is stored, since the system uses a "long" type variable.
It is important to mention that there are different types of variables and each one of them stores different types of information and occupies a different memory space. The "long" variable that the system uses to store dates has the ability to store a 32-bit integer. This means that it handles values between -2,147,486,647 and 2,147,486,647. In general, this should not be a problem, since in most cases this is enough.
However, the Microsoft developers overlooked a small detail and that is that the complete date (including the seconds that have passed) can be longer than the data that the variable can handle.
When the change of year was presented, that is, on January 1 at 0:00 hours, the value that the date had was 2,201,010,001. This number was greater than the range that the variable was capable of handling, which made the security system not able to interpret the dates, causing the emails to get trapped.
Is there any solution?
So far, there is no solution from Microsoft, however, they have ensured that their engineers are working day and night on a solution. This means it could take a few days, so they have decided to work on a temporary solution that will be available at any time.
While users wait for the solution, they can use a little computer trick to get around the problem temporarily. This requires that a manual action be carried out that would temporarily solve the problem.
To do this, you just have to deactivate the FIP-FS antispam engine, in this way the emails will arrive without any problem. Of course, you have to take into consideration that you will not have any type of antispam filter while it is deactivated. So you run the risk of receiving spam emails or some type of malware.
To do this, the following command must be written in PowerShell :
Set-MalwareFilteringServer -Identity -BypassFiltering $true
Restart-Service MSExchangeTransport
It is important that you are clear that this is a temporary solution and that it is not entirely recommended. So, it is important to be aware that Microsoft releases the update that fixes the problem to re- enable the FIP-FS on the server.