Microsoft patches Y2K-like bug that borked on-prem Exchange Server
Happy New Year. Welcome back! Now apply this patch – which Microsoft warns isn't easy – if you want email to work
Microsoft has kicked off 2022 by issuing a patch for Exchange Server 2016 and 2019, which both possessed a “latent date issue” that saw emails queued up instead of being dispatched to inboxes.
“The problem relates to a date check failure with the change of the new year,” states a January 1st post to the Exchange Blog.
Exchange’s malware scanning engine is the source of the problem, as Exchange checks the version of that software and then tries to write the date into a variable. But that variable’s maximum value is 2,147,483,647 and the value Exchange tries to write - 2,201,010,001, to reflect the date of January 1st, 2022, at midnight – exceeds the variable’s maximum threshold.
The malware engine therefore crashes when it reads the variable.
Deprived of its malware-scanner – an important element of a mail server - Exchange queues mail instead of sending it.
- Let us give thanks that this November, Microsoft has given us just 55 security fixes, two of which are for actively exploited flaws
- Story of the creds-leaking Exchange Autodiscover flaw – the one Microsoft wouldn't fix even after 5 years
- Microsoft Exchange Autodiscover protocol found leaking hundreds of thousands of credentials
A wag on Reddit named the mess “The Y2K22 bug”, a reference to the infamous Y2K bug caused by early programmers adopting a date format of DD/MM/YY to use less memory than would be required by a format of DD/MM/YYYY. Unfortunately, that decision meant that many systems would assume that the 1st of January 2000 was the first day of the year 1900, which would have made for some merry messes.
The Y2K bug was remediated after years of expensive effort.
Fixing the Exchange mess needs some work, too. While Microsoft has released a script to solve the situation, the company’s Exchange team has warned “it will take some time to make the necessary changes, download the updated files, and clear the transport queues.”
Microsoft’s post about the bug and how to address it was updated seven times between publication on January 1st and the time this story was posted. Chatter in Microsoft forums and elsewhere suggests that the fix can be tricky to apply, and sometimes fails.
All of which means Exchange Admins have an incredibly fun start to 2022 - who doesn't love a deluge of polite inquiries from users miffed that they can't access email? Thanks, Microsoft. ®