Microsoft Issues Script for "Y2k22 Bug" in Exchange Server 2019 and Exchange Server 2016
Microsoft on Saturday offered a script to fix a so-called "Y2k22 bug" that caused e-mails to build up within Exchange Server 2019 and Exchange Server 2016 transport queues.
This stuck transport queue problem popped up on New Year's Day, 2022. A "date check failure" associated with Microsoft's antivirus engine caused the malware engine to crash. Messages then built up within the transport queues for Exchange Server 2019 and Exchange Server 2016 users.
Use Version 2112330001
The antivirus engine should be using version "2112330001." Apparently, the "21" part of its name refers to the year 2021. The stuck transport queue problem occurred when the antivirus engine was at versions starting with "22" (signifying the year 2022).
Microsoft's announcement claimed in an FAQ section that it didn't roll back the antivirus engine version, and that the "21" version is "a new sequence" that will permit future antivirus updates to continue to arrive.
The problem just affected Exchange Server 2019 and Exchange Server 2016 users. However, organizations with Microsoft antivirus software starting with "22" need to take action to get to the "21" version to continue to get future antimalware updates.
Microsoft explained that point in the FAQ section of its announcement as follows, noting that the antivirus version issue can affect other Exchange Server product users, such as Exchange Server 2013 users, who won't get antivirus updates if using the "22" version:
Exchange Server 2013 is not impacted by transport crashes so there will be no buildup of email in transport queues. If your Exchange 2013 server took the antimalware update and it is now on version starting with "22..." you should use the automated or manual steps in this blog post to get your server on an engine version "21..." to continue getting the antimalware updates. Without taking action your server will not get any future antimalware updates.
Unfortunately for IT pros overseeing Exchange Server 2019 or Exchange Server 2016 implementations, running the script has to be done on "each Exchange mailbox server that downloads antimalware updates in your organization."
There's no patch. It's a hands-on IT project to address the problem, although the script can be automated to run across different servers simultaneously.
Microsoft also described a "manual solution" as an alternative to running the script. There are additional steps to follow if the Exchange Servers use a proxy to connect with the Internet.
Organizations just using Exchange Server 2019 or Exchange Server 2016 for management of Exchange recipients don't need to take action. Organizations that don't connect to the Internet to get antimalware updates aren't affected by this problem.
Microsoft didn't explain the problem as being a "Y2k22 bug." The reason for the antivirus engine version problem is that "the version checking performed against the signature file is causing the malware engine to crash, resulting in messages being stuck in transport queues," the Exchange team indicated, without much more of an explanation.
However, a commenter ("John_C_Kirk") in Microsoft's post said that the problem is caused by a 32-bit "integer overflow error" associated with the version number. He suggested that Microsoft should add this explanation to its announcement, but Microsoft seems to have ignored the advice.
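The overflow the commenter describes can be reproduced with the article's own version number. This is an added C example, not Microsoft's code and not part of the original article. It shows that "2112330001" fits in a signed 32-bit integer while a version starting with "22" does not. The string "2201010001" is a constructed sample, and the function names are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Checked parse of a 10-digit version string into a signed 32-bit integer.
 * Returns 0 on success, -1 if the text is malformed or does not fit. */
int parse_version_i32(const char *text, int32_t *out)
{
    char *end = NULL;
    errno = 0;
    long long v = strtoll(text, &end, 10);
    if (end == text || *end != '\0' || errno == ERANGE)
        return -1;
    if (v < 0 || v > INT32_MAX)
        return -1;            /* would not survive a 32-bit signed field */
    *out = (int32_t)v;
    return 0;
}

/* What an unchecked narrowing yields on two's-complement targets:
 * the low 32 bits reinterpreted as signed (computed without UB). */
int32_t wrap_to_i32(long long v)
{
    uint32_t low = (uint32_t)v;
    if (low > (uint32_t)INT32_MAX)
        return (int32_t)((int64_t)low - 4294967296LL);
    return (int32_t)low;
}

int main(void)
{
    /* "2112330001" is from the article; "2201010001" is a constructed sample. */
    const char *samples[] = { "2112330001", "2201010001" };
    for (int i = 0; i < 2; i++) {
        int32_t v = 0;
        long long wide = strtoll(samples[i], NULL, 10);
        if (parse_version_i32(samples[i], &v) == 0)
            printf("%s fits: %d\n", samples[i], (int)v);
        else
            printf("%s rejected; unchecked cast gives %d\n",
                   samples[i], (int)wrap_to_i32(wide));
    }
    return 0;
}
```

The signed 32-bit maximum is 2147483647, so any ten-digit value that begins with "22" is out of range, which is consistent with the fix keeping the "21" prefix.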
Commenters described seeing lots of errors thrown by Microsoft's script. They also sometimes described having to reboot the server to have the fix take effect.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.