September 22, 2023

Microsoft has released an emergency fix for a year 2022 bug that is breaking email delivery on on-premise Microsoft Exchange servers. Errors are caused by Microsoft Exchange checking the version of the FIP-FS antivirus scanning engine and attempting to store the date in a signed int32 variable.

Microsoft released a temporary fix requiring customer action while working on an update that automatically fixes the issue. This fix comes in form of PowerShell script ‘Reset-ScanEngineVersion.ps1.’ When executed, the script will stop the Microsoft Filtering Management and Microsoft Exchange Transport services, delete older AV engine files, download the new AV engine, and start the services again.

Advertisements

To use the automated script to apply the fix, you can follow these steps on each on-premise Microsoft Exchange server in your organization:

  • Download the Reset-ScanEngineVersion.ps1 script from https://aka.ms/ResetScanEngineVersion
  • Open an elevated Exchange Management Shell.
  • Change the execution policy for PowerShell scripts by running Set-ExecutionPolicy -ExecutionPolicy RemoteSigned.
  • Run the script.If you had previously disabled the scanning engine, enable it again using the Enable-AntimalwareScanning.ps1 script.

This process may take some time, depending on the organization’s size. Once after the script execution, Microsoft says that email will start delivering again, but it may take some time to complete depending on the amount of email that was stuck in the queue.

Microsoft also explains that the new AV scanning engine will be version number 2112330001, which references a date that does not exist and that admins should not be concerned.

Advertisements

The newly updated scanning engine is fully supported by Microsoft. While we need to work on this sequence longer term, the scanning engine version was not rolled back, rather it was rolled forward into this new sequence.The scanning engine will continue to receive updates in this new sequence.

Leave a Reply

%d bloggers like this: