he onset of the new year 2022 has caused disruptions in many products from Microsoft, Honda, Acura and SonicWall.
Information security specialists compare these bugs with the legendary Y2K problem, once associated with the year 2000.For example, Microsoft Exchange servers stopped sending mail, the date in some Honda and Acura vehicles shifted to 2002, and Email Security and SonicWall’s firewalls showed logging and spam filtering failures.
Microsoft
Bleeping computer keeps a special register of such failures. In particular, the publication reported that from January 1, 2022, an error occurred in the FIP-FS scanning module to protect against malware and spam that prevented local Microsoft Exchange servers from delivering e-mail. Moreover, this module appeared in Exchange Server 2013, and it is active by default. The company has confirmed that there is a problem.
On January 1, the FIP-FS began blocking email delivery. As explained by Exchange researcher and administrator Joseph Rosen, Microsoft uses a signed int32 variable to store a date value that has a maximum value of 2147483647. But dates in 2022 have a minimum value of 2 201 010 001, which is greater than the maximum value that can be saved with int32. As a result, this leads to a failure of the scanning mechanism and does not allow sending letters for delivery.
It is proposed to combat this bug by temporarily disabling the FIP-FS module or applying an emergency “patch” released by Microsoft. The fix is in the form of the Reset-ScanEngineVersion.ps1 script. During its execution, the Microsoft Filtering Management and Microsoft Exchange Transport services will be stopped, the old antivirus engine files will be deleted, and a new antivirus module will be loaded, after which the script will start the services again.
Let me remind you that we also told that Microsoft urged administrators to fix OMIGOD vulnerabilities on their own.
Honda and Acura
In turn, the owners of Honda and Acura cars found that with the onset of the new year, the clocks of their car navigation systems were automatically set back 20 years, and the date was set to January 1, 2002.
Bug Y2K22 affected almost all older cars, including Honda Pilot, Odyssey, CRV, Ridgeline, Odyssey, as well as Acura MDX, RDX, CSX and TL.
At the same time, Honda’s customer support service said that the error should be resolved by itself in August of this year.
Users are currently hoping that Acura and Honda will not make car owners wait seven months for a fix, and will release the update ahead of schedule.
Let me also remind you that we wrote that VolksWagen reports data breach affecting over 3.3 million Audi owners.
SonicWall
Another “victim” of the sudden onset of 2022 was SonicWall. In this case, the Y2K22 issue affected some versions of Email Security and company firewalls.
According to SonicWall, users and administrators were unable to access the Junk Mailbox or retrieve recently received emails from the Junk Mailbox. In addition, it was not possible to track incoming and outgoing emails using logs, since they were no longer updated.
As a result, the company had to urgently release updates for its cloud-based Hosted Email Security in North America and Europe. The company also released fixes for the on-premises Email Security Appliance (ES 10.0.15) and clients using firewalls with Anti-Spam Junk Store enabled (Junk Store 7.6.9).
To update to the latest version of the Junk Store, administrators must download and deploy the Junk Store 7.6.9 installer included with the SonicOS 6.5.x firmware and located in the MySonicWall download area for TZ, NSA and SOHO platforms. Separately, it is emphasized that the bug did not affect SonicOS 7.x.
Recall that we also wrote that Dangerous vulnerability in SonicWall products was not fully fixed.
