The problem occurred when emails could not be delivered by on-premise servers due to a Microsoft Exchange Y2K22 flaw. The Year 2022 bug, as it was known, began on January 1st, 2022. [1] Because it was a date validation issue linked to a date-checking failure, it precisely happened when the year changed. [2] This is not a problem with malware scanning methods or the malware engine, and it has nothing to do with dangers or security issues.
According to reports[3], this is the issue that arises when data verification results in a malware engine crash, causing the messages to become trapped in the transportation phase. Although the incident was reported, it was unclear how people were affected and whether the problem was widespread.
Microsoft has just made an urgent fix available for the 2022 bug that interfered with email delivery. The results of the investigation indicated that the email became stuck, and faults were found in the Windows event log.
The short-term solution for clients
Customers must participate in the Y2K22 problem’s mitigation. Microsoft advises obtaining the PowerShell-based Reset-ScanEngineVersion.ps1 scan engine reset script. [4] When done on each Exchange mailbox server used for downloading antimalware updates, this can act as a temporary workaround.
The execution of the command halts the Microsoft Exchange Transport and Microsoft Filtering Management services, deletes the old anti-virus engine files, downloads the fresh anti-malware engine, and restarts the service from scratch. Microsoft cautions that depending on the size of the company, this procedure could take some time.
There are certain measures for the admins that can upgrade the scanning engine manually themselves. After making these adjustments, the email service ought to function as intended. Due to the backlogged queue, it can take some time.
Issues with Microsoft bugs in 2021
2021 was a significant year for cyber security, with significant data breaches[5] affecting numerous businesses and websites. Additionally, Microsoft has been active in resolving numerous security flaws including zero-day problems. Patch Tuesday in November 2021 fixed 55 known bugs that were made public before the release. [6] In the wild, some of those weaknesses have been successfully exploited.
The vulnerabilities that affected the Microsoft Exchange Server as a result of poor validation of cmdlet arguments were among the most serious and unusual ones found in the past year. The vulnerability with a severity of 7.7 was used in active exploits.
Researchers in cyber security have also found problems with Microsoft Excel. The specific problem had to do with getting around security measures. It was discovered that one of the more dangerous bugs was utilized to start RCE. This 3D bug might have been locally exploited. Microsoft only patched 691 CVE problems in 2018.
Cybersecurity problems may still exist in 2022. There are a few factors that must be considered. The risk posed by legacy vendors and third parties must be addressed. Additionally crucial should be proactive cybersecurity for software development and cloud migration.
Unfortunately, ransomware has been wreaking havoc on regular users all through 2021 and it doesn’t seem to be stopping in 2022. Deadly ransomware gangs first appeared last year and quickly adapted a variety of new strategies that helped them stand out and maintain their persistence. Antimalware software and cybersecurity tools must advance at the same rate as these online criminals and their wares.