SonicWall email security and firewall products affected by Y2K22 bug: message log updates and junk box failures

The technology firm SonicWall confirmed that some of its firewall and email security solutions are being affected by the Y2K22 flaw, which since January 1, 2022 has generated errors in millions of implementations. As a result, users have not been able to access their inboxes or unwanted emails.

Similar to the dreaded Y2K errors, this error generated automatic failures in some systems as soon as it arrived on the first day of the year, restarting their watches or preventing their normal operation. 

On January 2, the company had to issue a series of updates to Hosted Email Security implementations and its local email security devices, in addition to issuing updates for users of SonicWall firewalls with active Anti-Spam Junk Store functionalities.

Junk Store users will need to download and deploy the v7.6.9 installer, which was released in firmware for sonicOS 6.5x, thus addressing the reported flaw. The update is downloaded on the official MySonicWall platforms for TZ, NSA and SOHO platforms.

SonicWall is not the only company affected by this kind of error. During the early hours of January 1, companies such as Honda and Acura began to detect this flaw, which caused the clocks in the navigation systems of their cars to be automatically delayed by 20 years, marking January 1, 2002. Apparently, the bugs only affect older car models from the affected manufacturers.

Some Microsoft implementations were also affected. For example, Microsoft Exchange servers interrupted email delivery starting in January 2022, as Y2K22 directly affected the FIP-FS anti-malware engine, causing severe failures: “The malware engine is blocked by this problem, delaying the delivery of messages in transport queues,” Microsoft adds in a report.

Although some workarounds are known, their deployment requires affected system administrators to deploy more updates. Final fixes for these failures require the work of each affected vendor.  

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.