Microsoft Exchange servers break thanks to 'Y2K22' bug

Laptop computer displaying logo of Microsoft Exchange
(Image credit: Shutterstock)

Microsoft has released an emergency patch for a flaw in Microsoft Exchange that prevented emails from sending at the turn of the new year.

Businesses running on-premise Microsoft Exchange environments reported encountering issues whereby emails were stuck in a queue instead of sending after the yearly date changed to 2022.

The issue has been attributed to Exchange's malware scanning engine which manages dates in the form of 32-bit variables. The variable's maximum integer value is 2,147,483,647 but a variable of 2,201,010,001 is required to display the date as 1 January 2022 - a value that exceeds the maximum and caused the engine to crash.

Microsoft said the situation is not caused by a fault in either Exchange or its malware-scanning engine that affects the effective running of the products, but rather the engine's date-checking process. Microsoft also said this is not a cyber security issue.

Customers can check if the issue is affecting their on-premise solutions by checking the Application event log on the Exchange Server for the following errors, specifically event 5300 and 1106 (FIPFS).

Microsoft Exchange Server application log error message

(Image credit: Microsoft)

Microsoft Exchange Server application log error message

(Image credit: Microsoft)

Microsoft Exchange customers will need to intervene and apply the patch themselves in order to restore smooth email functionality. Microsoft detailed the step-by-step process customers can follow if they wish to patch manually, and also supplied a downloadable script for customers who want to take the automated solution.

The script "will take some time to make the necessary changes, download the updated files, and clear the transport queues," Microsoft said. Whether customers choose the automated or manual steps towards remediation, they must be carried out on every on-premises Exchange 2016 and Exchange 2019 server. The automated script can run on multiple servers in parallel.

Members of the IT community have dubbed the issue the 'Y2K22' bug for its similarity between it and the issue that threatened to break all computers at the turn of the millennium.

Both issues are based on the way computers handle dates and it required millions in investment and lots of work to combat the original Y2K bug.

Connor Jones

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.