
Wednesday, September 14, 2022

Update now! Zero-day flaws are being used to attack PCs, prompting Microsoft to release critical security updates

Posted By: The Funky Tech Guy - 6:22:00 AM



New zero-day vulnerabilities have been discovered in Windows 10. As a result, Microsoft has released critical security updates for users to install. But you'll want to do it right away, because hackers are already exploiting these flaws.

Microsoft has once again urged Windows users to upgrade their PCs with the most recent security patches after finding serious flaws, some of which are currently being used in the wild or may be used to spread a worm quickly.

Microsoft corrected more than 60 security flaws in its products in its most recent "Patch Tuesday" update, including five "critical" vulnerabilities.

A privilege escalation bug in the Windows Common Log File System (CLFS), for which attack code is publicly available, is perhaps the most important vulnerability to address.

Microsoft warns that this zero-day flaw, CVE-2022-37969, was reported to it by researchers from four different security vendors, suggesting that it may be exploited more widely than against just one target organization.

The flaw would be worse if it allowed hackers to execute remote code on a targeted system, but because exploit code is already available and exploitation has been reported, it is still a serious vulnerability that needs to be addressed.

The Windows TCP/IP service also has a serious remote code execution flaw, CVE-2022-34718, which a worm could exploit to spread without user interaction.

An attacker could send a specially crafted IPv6 packet to a Windows node where IPSec is enabled, which makes the vulnerability more likely to be exploited.

Microsoft has labelled this and other flaws patched in its latest security update as "exploitation more likely" without giving the public much information about why. This lack of transparency makes it more difficult for companies to determine which vulnerabilities need to be patched first, or which mitigations need to be implemented, especially when a company is concerned about disrupting its other business activities.

Sunday, January 2, 2022

Message deferred by categorizer agent

Posted By: The Funky Tech Guy - 5:32:00 AM




I woke up to a New Year's surprise in January 2022, as did many e-mail, infrastructure and network admins out there.

The Issue:



E-mail is down and messages are piling up in the message queue. You have already done the usual things: checked Exchange server resources (disk space, CPU, memory), checked back pressure mode, restarted the Exchange transport services and even restarted the servers themselves.


The Cause



Due to a latent date problem in a signature file used by the malware scanning engine inside Exchange Server, messages are blocked in transport queues on Exchange Server 2016 and Exchange Server 2019. When the problem arises you will notice the following error messages:

Error messages

In the message queue you see the error message “message deferred by categorizer”.


You'll also observe errors in the Exchange Server's Application event log, notably events 5300 and 1106 (FIPFS), as seen below:

Event ID 5300

The FIP-FS "Microsoft" Scan Engine failed to load. PID: 38648, Error Code: 0x80004005. Error Description: Can't convert "2201010009" to long.


Event ID 1106

The FIP-FS Scan Process failed initialization. Error: 0x80004005. Error Details: Unspecified error


Additional Errors:

Event ID 5801
Source: MSExchange Antimalware

The anti-malware agent encountered an error while scanning. MessageId: XXXXXXX391.1641112993320.JavaMail.SERVER$@DOMAIN.COM Message sent: 2022-01-02 08:43:13 AM From: EMAILADDRESS@DOMAIN.COM Size: 6756 Bytes Error: Microsoft.Filtering.ScanAbortedException: Exception of type 'Microsoft.Filtering.ScanAbortedException' was thrown.

at Microsoft.Filtering.InteropUtils.ThrowPostScanErrorAsFilteringException(WSM_ReturnCode code, String message)

at Microsoft.Filtering.FilteringService.EndScan(IAsyncResult ar)

at Microsoft.Exchange.Transport.Agent.Malware.MalwareAgent.OnScanCompleted(IAsyncResult ar)
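
The value quoted in event 5300, 2201010009, is larger than 2,147,483,647, the largest value a signed 32-bit integer can hold, which is consistent with the "Can't convert ... to long" error. The following is an added example, not part of the original post or of Microsoft's scripts, that triages such records; the function names are hypothetical and the sample records are constructed from the event text quoted above.

```powershell
# Added example; function names are hypothetical, not Exchange cmdlets.
function Test-FitsInt32 {
    param([string]$Value)
    $parsed = 0
    # TryParse returns $false when the digits do not fit a signed 32-bit integer.
    return [int]::TryParse($Value, [ref]$parsed)
}

function Get-FipFsFinding {
    param([Parameter(ValueFromPipeline = $true)]$Record)
    process {
        $finding = [pscustomobject]@{
            Id        = $Record.Id
            Version   = $null
            FitsInt32 = $null
            Verdict   = 'FIP-FS failure, no version quoted in message'
        }
        # Event 5300 quotes the value the scan engine could not convert.
        if ($Record.Id -eq 5300 -and $Record.Message -match 'Can''t convert "(\d+)" to long') {
            $finding.Version   = $Matches[1]
            $finding.FitsInt32 = Test-FitsInt32 $Matches[1]
            if ($finding.FitsInt32) {
                $finding.Verdict = 'Version fits in Int32, look for another cause'
            } else {
                $finding.Verdict = 'Version exceeds Int32 maximum (2147483647)'
            }
        }
        $finding
    }
}

# Constructed sample records that reuse the event text quoted in this post.
# On a live server, feed the function from the Application log instead:
#   Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 5300, 1106 }
$sample = @(
    [pscustomobject]@{ Id = 5300; Message = 'The FIP-FS "Microsoft" Scan Engine failed to load. PID: 38648, Error Code: 0x80004005. Error Description: Can''t convert "2201010009" to long.' }
    [pscustomobject]@{ Id = 1106; Message = 'The FIP-FS Scan Process failed initialization. Error: 0x80004005. Error Details: Unspecified error' }
)
$sample | Get-FipFsFinding | Format-List

# The UpdateVersion reported after the reset in this post, checked the same way.
Test-FitsInt32 '2112330001'
```
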


The Workaround



1. Find the Exchange scripts folder and run the disable antimalware script. It's not instant, so give it a minute or two.

cd "C:\Program Files\Microsoft\Exchange Server\V15\Scripts"
.\Disable-AntimalwareScanning.ps1



2. Restart the Microsoft Exchange Transport service.

Get-Service MSExchangeTransport | Restart-Service


I hope this has been helpful to you and saved you some New Year's time.

Let me know in the comments down below.

Additional Information can be sourced from:





[PS] C:\Program Files\Microsoft\Exchange Server\V15\Scripts>.\Reset-ScanEngineVersion.ps1
EXCH1 Stopping services...
EXCH1 Removing Microsoft engine folder...
EXCH1 Emptying metadata folder...
EXCH1 Starting services...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Exchange Transport (MSExchangeTransport)' to start...
EXCH1 Starting engine update...
Running as EXCH1-DOM\Administrator.
Connecting to
Dispatched remote command. Start-EngineUpdate -UpdatePath
[PS] C:\Program Files\Microsoft\Exchange Server\V15\Scripts>Get-EngineUpdateInformation

Engine                : Microsoft

LastChecked       : 01/01/2022 08:58:22 PM -08:00
LastUpdated        : 01/01/2022 08:58:31 PM -08:00
EngineVersion         : 1.1.18800.4
SignatureVersion      : 1.355.1227.0
SignatureDateTime     : 01/01/2022 03:29:06 AM -08:00
UpdateVersion         : 2112330001
UpdateStatus          : UpdateAttemptSuccessful

Manual Solution


In lieu of using the script, customers can also manually perform steps to resolve the issue and restore service. To manually resolve this issue, you must perform the following steps on each Exchange server in your organization:

Remove existing engine and metadata
1. Stop the Microsoft Filtering Management service.  When prompted to also stop the Microsoft Exchange Transport service, click Yes.
2. Use Task Manager to ensure that updateservice.exe is not running.
3. Delete the following folder: %ProgramFiles%\Microsoft\Exchange Server\V15\FIP-FS\Data\Engines\amd64\Microsoft.
4. Remove all files from the following folder: %ProgramFiles%\Microsoft\Exchange Server\V15\FIP-FS\Data\Engines\metadata.

Update to latest engine
1. Start the Microsoft Filtering Management service and the Microsoft Exchange Transport service.
2. Open the Exchange Management Shell, navigate to the Scripts folder (%ProgramFiles%\Microsoft\Exchange Server\V15\Scripts), and run Update-MalwareFilteringServer.ps1 <server FQDN>.

Verify engine update info
1. In the Exchange Management Shell, run Add-PSSnapin Microsoft.Forefront.Filtering.Management.Powershell.
2. Run Get-EngineUpdateInformation and verify the UpdateVersion information is 2112330001.

After updating the engine, we also recommend that you verify that mail flow is working and that FIPFS error events are not present in the Application event log.
