The Exchange mail service hit a bug and stopped working this weekend, at the start of the new year, 2022. Microsoft immediately pushed a patch to fix the problem, which had caused a temporary e-mail delivery outage. The malware detection engine is the source of the problem.
There’s no security risk
According to the Microsoft blog post on the Exchange 2022 bug, the bug is not security-related even though it originated in the malware detection engine. A bug in the engine was crashing the system during the signature file version check because of the year 2022. When the malware-checking engine crashes, e-mails get stuck in transport queues, without causing any security risk.
As a solution, Microsoft recommends downloading a PowerShell-based script, ResetScanEngineVersion, that resets the scan engine version. The script needs to be executed on each Exchange mailbox server used to download antimalware updates. The script will change the version of the engine to “2112330001”, and it will take a while to deploy.
It is also possible to manually fix the problem as Microsoft explains step by step. Here are all the steps you’ll need to follow:
Verify the impacted version is installed
- Run Get-EngineUpdateInformation and check the UpdateVersion information. If it starts with “22…” then proceed. If the installed version starts with “21…” you do not need to take action.
Remove existing engine and metadata
- Stop the Microsoft Filtering Management service. When prompted to also stop the Microsoft Exchange Transport service, click Yes.
- Use Task Manager to ensure that updateservice.exe is not running.
- Delete the following folder: %ProgramFiles%\Microsoft\Exchange Server\V15\FIP-FS\Data\Engines\amd64\Microsoft.
- Remove all files from the following folder: %ProgramFiles%\Microsoft\Exchange Server\V15\FIP-FS\Data\Engines\metadata.
Update to the latest engine
- Start the Microsoft Filtering Management service and the Microsoft Exchange Transport service.
- Open the Exchange Management Shell, navigate to the Scripts folder (%ProgramFiles%\Microsoft\Exchange Server\V15\Scripts), and run Update-MalwareFilteringServer.ps1 <server FQDN>.
Verify engine update info
- In the Exchange Management Shell, run Add-PSSnapin Microsoft.Forefront.Filtering.Management.Powershell.
- Run Get-EngineUpdateInformation and verify the UpdateVersion information is 2112330001 (or higher).
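The manual steps above, collected into one PowerShell script as an added example; it is not Microsoft's ResetScanEngineVersion script and not code from the original page. It assumes an elevated Exchange Management Shell on the affected server and that the services' display names match the names used in the steps; the `-ServerFqdn` parameter and the `Get-UpdateVersion` helper are names introduced here.

```powershell
#Requires -RunAsAdministrator
[CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
param([Parameter(Mandatory)][string]$ServerFqdn)   # hypothetical parameter name

$ErrorActionPreference = 'Stop'
$v15     = Join-Path $env:ProgramFiles 'Microsoft\Exchange Server\V15'
$engines = Join-Path $v15 'FIP-FS\Data\Engines'
# Assumption: service display names as written in the steps above.
$fms, $transport = 'Microsoft Filtering Management Service', 'Microsoft Exchange Transport'
$fixed = 2112330001

Add-PSSnapin Microsoft.Forefront.Filtering.Management.Powershell -ErrorAction SilentlyContinue

# Helper (name introduced here): UpdateVersion of every reported engine, as strings.
function Get-UpdateVersion {
    Get-EngineUpdateInformation | ForEach-Object { [string]$_.UpdateVersion }
}

# 1. Verify the impacted version is installed (starts with "22").
$before = @(Get-UpdateVersion)
if (-not ($before -like '22*')) {
    Write-Output "UpdateVersion '$($before -join ', ')' does not start with 22; no action needed."
    return
}

# 2. Remove existing engine and metadata.
if (-not $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'stop mail transport and delete scan engine files')) { return }
Stop-Service -DisplayName $fms -Force          # -Force stops dependent services without the prompt
Stop-Service -DisplayName $transport -Force    # no-op if already stopped
if (Get-Process -Name updateservice -ErrorAction SilentlyContinue) {
    throw 'updateservice.exe is still running; end it and run this script again.'
}
$engineDir = Join-Path $engines 'amd64\Microsoft'
if (Test-Path $engineDir) { Remove-Item $engineDir -Recurse -Force }
Get-ChildItem (Join-Path $engines 'metadata') -File -Force | Remove-Item -Force

# 3. Update to the latest engine.
Start-Service -DisplayName $fms
Start-Service -DisplayName $transport
& (Join-Path $v15 'Scripts\Update-MalwareFilteringServer.ps1') $ServerFqdn

# 4. Verify: a "22" prefix is numerically higher than the target but is still the impacted version.
$after = @(Get-UpdateVersion)
$bad   = @($after | Where-Object { $_ -like '22*' -or [long]$_ -lt $fixed })
[pscustomobject]@{
    Before = $before -join ', '
    After  = $after -join ', '
    Fixed  = ($after.Count -gt 0 -and $bad.Count -eq 0)
}
```

Run with `-WhatIf`, the script stops after the version check in step 1, before any service is stopped or file deleted.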