Contents:
Last week, Internet appliances provider SonicWall has revealed that the Y2K22 weakness has affected several of its email security and firewall products, leading to message log updates and junk box malfunctions starting January 1st, 2022.
The SonicWall Incident Consequences
According to the company, administrators and email users will experience some problems, including the inability to access the junk box or un-junk new emails on impacted systems.
They will also be unable to track down incoming/outgoing emails through message logs because they are no longer updated.
Mitigations
SonicWall’s cloud email security solution, Hosted Email Security, was fully patched on January 2nd, and the fix was deployed in North American and European instances. Email Security customers were not required to do anything concerning the issue.
In addition, the company patched its Email Security Appliance.
ES 10.0.15 is available for download via mysonicwall.com. Customers using Email Security Appliance (On-Prem) should upgrade their firmware to ES 10.0.15. Upgrade to ES 10.0.15 will automatically start the database rebuild and the process can take a few hours to complete depending on the amount of data. Junk Box emails and Message Logs will be displayed accurately after the database is fully rebuilt. Please refer to the knowledge base (KB) article for guidance on firmware upgrade.
Firewall Anti-Spam Junk Store had a fix released as well. Anti-Spam Junk Store functionality on firewalls running SonicOS 6.x customers are advised to upgrade to the newest Junk Store 7.6.9. Junk Store 7.6.9 installer “posted under SonicOS 6.5.x firmware in MySonicWall downloads section for TZ, NSA, and SOHO platforms”. However, those using SonicOS 7.x on any platform have nothing to worry about as they are not affected.
Microsoft, Honda, and SonicWall: (Un)Happy Three Friends
Although SonicWall didn’t give any details on what is causing the Y2K22 vulnerability in its security solutions, the tech company is not the only one dealing with this problem.
According to BleepingComputer, starting January 1st, Honda and Acura automobile owners began complaining that their in-car navigation systems’ clocks were automatically set back 20 years, to January 1st, 2002.
The reports say that the Y2K22 bug impacts almost all older car models, including Honda Pilot, Odyssey, CRV, Ridgeline, Odyssey, and Acura MDX, RDX, CSX, and TL.
The vulnerability has also impacted the American multinational tech corporation Microsoft, with Microsoft Exchange on-premise servers halting email delivery on January 1st, 2022, due to the Y2K22 bug’s impact on the FIP-FS anti-malware scanning engine, which would shut down when checking messages.
The version checking performed against the signature file is causing the malware engine to crash, resulting in messages being stuck in transport queues.
On January 5th, the tech giant issued a temporary patch, needing extra customer action while working on a fix that would automatically tackle the vulnerability on compromised Exchange servers.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.