Starting with Exchange Server 2013, Microsoft enables the FIP-FS anti-spam and anti-malware scanning engine by default to protect users from malicious emails. However, starting at midnight on January 1, 2022, a unique way of storing dates in the FIP-FS engine caused a bug that blocked email delivery from Microsoft Exchange on-premise servers.

On January 1, 2022, the first day of the new year, Twitter user “long wtf = 2201010001” tweeted @msexchangeteam said that the FIP-FS “Microsoft” scan engine failed to load and could not convert “2201010001” to long type.

image

Security researcher and Exchange administrator Joseph Roosen said this was caused by Microsoft’s use of signed int32 variables to store date values, which has a maximum value of 2,147,483,647, but the minimum value of 2,201,010,001 or greater for the 2022 date is greater than the maximum value that can be stored in signed int32 variables, causing the scan engine to fail to release messages for delivery.

image

When this error is triggered, an error 1106 will appear in the Exchange Server event log, stating

“FIP-FS scan process initialization failed. Error: 0x8004005. error details: unspecified error”

or

“Error code: 0x80004005. error description: can not convert “2201010001” to long.”

Currently, Microsoft has announced that it is fixing this issue.