Hello, welcome to the Monday, January 3, 2020 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

Well, it wouldn't be a new year without some problems related to the change of the year.

This time, it's a Microsoft Exchange Server, 2016 and 2019,

I guess, with all the problems we had with Exchange Server last year. It decided to sort of go

out with a bang of some sorts. Well, it wasn't really a security issue, more availability.

And really interesting and odd bug here.

Apparently, Exchange Server internally represents dates as signed integers.

But this integer isn't like a Unix timestamp or so, like a number of seconds from a certain

date.

Instead, it assembles that integer from the actual date.

And the first two digits of the integer are the last two digits of the year. So this changed

from 21 to 22 with the new year. The problem being here is because this is a signed 32-bit integer,

the largest number that came by represented is $2.1 billion,

and with the year 2022, we are now at $2.2 billion,

which then, of course, cost the problem.

If you're affected, email will be stuck

in the transport queues and you'll see event ID 5300 and 1,106. There is a patch available for

Microsoft that you need to apply in order to solve this problem.

And well, even with the new year, some things stay the same, and one is Agent Tesla.

Agent Tesla has been around for a few years and keeps adjusting Brad, sort of keeps track of

that, and wrote a diary with the latest observation as far as ancient Tesla goes.

...