As we roll into the new year, many new vulnerabilities are being uncovered, exposing organizations’ critical digital assets to various cyber risks. It seems Microsoft welcomed the year 2022 with a security issue that prevents its Exchange servers from sending and receiving emails. The technology giant recently released a patch to address a security vulnerability affecting email messages to get stuck in transport queues of on-premises Exchange Server 2016 and Exchange Server 2019. The technology giant stated the issue is related to a date check failure with the change of the year and not an issue with malware scanning, malware engine, or a security-related problem. Microsoft clarified that Edge Transport servers are unaffected by this vulnerability.
“The version checking performed against the signature file is causing the malware engine to crash, resulting in messages being stuck in transport queues. We have now created a solution to address the problem of messages stuck in transport queues on Exchange Server 2016 and Exchange Server 2019 because of a latent date issue in a signature file used by the malware scanning engine within Exchange Server,” Microsoft stated.
Also Read; Microsoft Fixes 6 Zero-day Flaws in December 2021 Patch Tuesday Update
The vulnerable applications show the below error message/code when the issue occurs:
To fix the issue, Microsoft urged users to download a PowerShell-based scan engine reset script that executes on each Exchange mailbox server used for downloading antimalware updates.
Microsoft stated the script (patch) might take some time to run, based on the size of the organization and the number of messages queued up.
The post Microsoft Issues Fix for Exchange 2022 Security Flaw appeared first on CISO MAG | Cyber Security Magazine.
Click to Open Code Editor