Microsoft Fixes New Year's Day Exchange Server Bug

Microsoft has released a fix for a problem with Exchange Server that led to corporate emails being left undelivered at the start of the new year.

In an update on January 1, 2022, the computing giant revealed that messages were stuck in the transport queues of on-premises Exchange Server 2016 and Exchange Server 2019.

Although the problem was traced back to a “date check failure” in Exchange Server’s malware scanning engine, the feature was otherwise unaffected, Microsoft explained.

“The problem relates to a date check failure with the change of the new year and not a failure of the AV engine itself,” it said.

“This is not an issue with malware scanning or the malware engine, and it is not a security-related issue. The version checking performed against the signature file is causing the malware engine to crash, resulting in messages being stuck in transport queues.”

Microsoft announced two ways for admins to fix the problem: an automated and a manual solution. The former requires them to download and run a script on each Exchange mailbox server; the script fetches and installs the anti-malware engine update.

The manual option requires IT teams to verify the impacted Exchange Server version is installed, remove the existing anti-malware engine and metadata, update to the latest version and verify engine update info.

Microsoft warned that even the automated solution “will take some time” to clear message queues, although the script has the advantage of being able to run on multiple servers in parallel.

“Please be patient and monitor those queues are draining (number of messages are decreasing) by using Get-queue command,” it added.
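The queue-monitoring step Microsoft describes can be scripted so that admins do not have to eyeball Get-Queue output by hand. The following is an added example, not Microsoft's fix script or any code from the article; it assumes it is run from the Exchange Management Shell, where Get-Queue is available, and that the server names passed in are mailbox servers that were affected.

```powershell
# Added example: sample the total transport backlog on one or more Exchange
# mailbox servers and report whether it is draining after the engine update.
# Assumes the Exchange Management Shell (Get-Queue is an Exchange cmdlet).
param(
    [string[]]$Servers = @($env:COMPUTERNAME),  # mailbox servers to watch (assumed names)
    [int]$IntervalSeconds = 60,                 # seconds between samples
    [int]$Samples = 15                          # how many samples before giving up
)

# Sum MessageCount across every transport queue on the given servers.
function Get-QueueBacklog {
    param([string[]]$ServerList)
    $total = 0
    foreach ($srv in $ServerList) {
        $queues = Get-Queue -Server $srv -ErrorAction Stop
        $sum = ($queues | Measure-Object -Property MessageCount -Sum).Sum
        if ($null -ne $sum) { $total += $sum }
    }
    return [int]$total
}

$previous = $null
for ($i = 1; $i -le $Samples; $i++) {
    $now   = Get-QueueBacklog -ServerList $Servers
    $stamp = (Get-Date).ToString('HH:mm:ss')

    if ($null -eq $previous) {
        Write-Host "$stamp backlog=$now (baseline)"
    } elseif ($now -lt $previous) {
        Write-Host "$stamp backlog=$now draining (-$($previous - $now) since last sample)"
    } else {
        # New inbound mail can raise the count briefly; a persistent plateau is
        # the signal that the anti-malware engine is still failing on a server.
        Write-Warning "$stamp backlog=$now not draining; re-check the engine update on each server"
    }

    if ($now -eq 0) { Write-Host "$stamp queues are empty."; break }
    $previous = $now
    Start-Sleep -Seconds $IntervalSeconds
}
```

Because the automated script can be run on several servers in parallel, pass all affected mailbox servers in `-Servers` and watch the combined backlog rather than each queue individually.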

The incident marks an inauspicious start to the year after a festive period during which many IT teams were forced into overtime to detect and patch Log4j instances across their organization.

Since the discovery of the first vulnerability in the popular Java logging utility, rated CVSS 10.0, a further four bugs have been published. The most recent (CVE-2021-44832) was described as a “moderate” severity remote code execution flaw in version 2.17.0.