Firefox

Firefox 96 Yields Less Load On The Main Thread, WebP Encoder For Canvas (phoronix.com) 43

Firefox 96.0 is officially shipping today as the first update of 2022 for this open-source web browser. From a report: Firefox 96.0 has "significantly" reduced the amount of load placed on the browser's main thread and there are also "significant" improvements in noise suppression and auto-gain-control and improvements in echo cancellation. In addition to that performance work, there are also WebRTC improvements, an improved cookie policy to reduce the likelihood of Cross-Site Request Forgery (CSRF) attacks, video quality degradation fixes, and other fixes. Over on developer.mozilla.org are some of the web developer changes with Firefox 96 including CSS color value function hwb() support for specifying the hue/whiteness/blackness, support for the CSS color-scheme property, the Web Locks API is enabled by default, image encoder support for WebP for exporting HTML5 canvas elements, and other additions.
Security

CISA Director: We'll Be Dealing With Log4j For a Long Time (cnet.com) 46

Security professionals will be dealing with the fallout from the Log4j bug for a long time to come, top officials for the Cybersecurity and Infrastructure Security Agency said Monday. CNET reports: If left unpatched or otherwise unfixed, the major security flaw discovered a month ago in the Java-logging library Apache Log4j poses risks for huge swaths of the internet. The vulnerability in the widely used software could be exploited by cyberattackers to take over computer servers, potentially putting everything from consumer electronics to government and corporate systems at risk of a cyberattack. No US federal agencies have been compromised as a result of the vulnerability, CISA Director Jen Easterly told reporters on a call Monday. In addition, no major cyberattacks involving the bug have been reported in the US, though many attacks go unreported, she said.

Easterly said the sheer scope of the vulnerability, which affects tens of millions of internet-connected devices, makes it the worst she has seen in her career. It's possible, she said, that attackers are biding their time, waiting for companies and others to lower their defenses before they attack. "We do expect Log4Shell to be used in intrusions well into the future," Easterly said, using the name for the bug in the Log4j software. She noted the Equifax data breach in 2017, which compromised the personal information of nearly 150 million Americans, stemmed from a vulnerability in open-source software. Most of the attempts to exploit the bug, so far, have been focused on low-level crypto mining or attempts to draw devices into botnets, she said.

Security

Threat Actors Can Simulate IPhone Reboots and Keep IOS Malware On a Device (therecord.media) 23

An anonymous reader quotes The Record: In a piece of groundbreaking research published on Tuesday night, security firm ZecOps said that it found a way to block and then simulate an iOS restart operation, a technique that they believe could be extremely useful to attackers who may want to trick users into thinking they rebooted their device and as a result, maintain access for their malware on that infected system.

The technique is of extreme importance and gravity because of the way the iPhone malware landscape has evolved in recent years, where, due to advances in the security of the iOS operating system, malware can't achieve boot persistence as easily as it once did.... As a result, many security experts have recommended over the past year that users who might be the target of malicious threat actors regularly reboot devices in order to remove backdoors or other implants.... But in a blog post on Tuesday, ZecOps said that the iOS restart process isn't immune to being hijacked once an attacker has gained access to a device, in a way to perform a fake restart where the user's device only has its UI turned off, instead of the entire OS.

Security

Salesforce To Require MFA For All Users Starting Next Month (therecord.media) 56

An anonymous reader writes: Salesforce, the world's largest customer relationship management platform, said that customers must have a form of multi-factor authentication (MFA) turned on starting next month, or they won't be able to access their accounts. "Beginning February 1, 2022, Salesforce will require customers to use MFA in order to access Salesforce products," the company said last month.

Salesforce said that users will be able to choose from using security keys, an authenticator app, or an OS biometrics system to secure accounts. MFA solutions that rely on sending one-time passcodes via email, phone, or SMS messages won't be allowed "because these methods are inherently vulnerable to interception, spoofing, and other attacks," Salesforce explained.

"We encourage users to register multiple verification methods so they have a backup in case they forget or lose their primary method," the company added.
The Military

Cyber Command Task Force Conducted Its First Offensive Operation (thedrive.com) 31

An anonymous reader quotes a report from The Drive: A U.S. Cyber Command task force executed what is being described as its "first offensive cyber effect operation" against real-world cyber threats. While the exact nature of the operation and its target remains unknown, the event was significant enough for the U.S. Secretary of Defense to personally attend to watch the operation in action. The operation was conducted between February and August 2021 by a task force consisting of personnel from the Maryland Air National Guard's 175th Cyber Operations Group, the Delaware Air National Guard's 166th Cyber Operations Squadron, U.S. Navy's Cyber Strike Activity Sixty-Three, the U.S. Air Force's 341st Cyber Operations Squadron, and the Air Force Reserve. The task force executed the operation from February to August last year, although the Air National Guard (ANG) just announced it this week. While there have been other offensive cyber operations conducted by U.S. Cyber Command (USCYBERCOM), this is the first conducted and acknowledged by this particular task force.

Details about the specific threat countered by the task force's cyber offensive are scarce, but USAF Maj. Corley Bradford, director of operations for 175th Cyberspace Operations Squadron, said the offensive cyber operation involved the security of Department of Defense information networks. "[Our] NMT was a direct contributor to [our task force] conducting a successful offensive cyber effects operation," Bradford stated in an ANG press release. "It was a lot of excitement to finally see the fruits of our labor when [our task force] delivered its first offensive cyber effects operations during this mobilization," said Bradford. Interestingly, Secretary of Defense Lloyd J. Austin III was on hand to personally witness the operation. "It was a massive milestone," Maj. Bradford said, "so he wanted front row seats to see the action firsthand."

Security

Hackers Target US Defense Firms With Malicious USB Packages (bleepingcomputer.com) 57

The Federal Bureau of Investigation (FBI) warned US companies in a recently updated flash alert that the financially motivated FIN7 cybercriminals group is targeting the US defense industry with packages containing malicious USB devices. BleepingComputer reports: The attackers are mailing packages containing 'BadUSB' or 'Bad Beetle USB' devices with the LilyGO logo, commonly available for sale on the Internet. The packages have been mailed via the United States Postal Service (USPS) and United Parcel Service (UPS) to businesses in the transportation and insurance industries since August 2021 and defense firms starting with November 2021. FIN7 operators impersonate Amazon and the US Department of Health & Human Services (HHS) to trick the targets into opening the packages and connecting the USB drives to their systems. Since August, reports received by the FBI say that these malicious packages also contain letters about COVID-19 guidelines or counterfeit gift cards and forged thank you notes, depending on the impersonated entity.

After the targets plug the USB drive into their computers, it automatically registers as a Human Interface Device (HID) Keyboard (allowing it to operate even with removable storage devices toggled off). It then starts injecting keystrokes to install malware payloads on the compromised systems. FIN7's end goal in these attacks is to access the victims' networks and deploy ransomware within a compromised network using various tools, including Metasploit, Cobalt Strike, Carbanak malware, the Griffon backdoor, and PowerShell scripts. [...] Companies can defend against such attacks by allowing their employees to connect only USB devices based on their hardware ID or if they're vetted by their security team.

Security

Discord Hacking is the Newest Threat For NFT Buyers (theverge.com) 24

One compromised admin account led to two projects being scammed in a day. From a report: On Tuesday, December 21st, two NFT projects fell victim to the same attack. Like many projects in the crypto world, the NFT collection Monkey Kingdom and in-game asset marketplace Fractal both engaged heavily with their communities through Discord chat servers. Both projects were about to distribute rewards to their community members: Monkey Kingdom through an NFT presale on the day of the 21st and Fractal through a token airdrop -- essentially a free distribution to early supporters -- a few days later. Then, disaster struck. Posts appeared in the official "announcements" channel of each project claiming that a surprise mint would reward community members with a limited edition NFT. Hundreds jumped at the chance -- but for those who followed the links and connected their crypto wallets, a costly surprise was waiting. Rather than receiving an NFT, wallets were being drained of the Solana cryptocurrency, which both projects used for purchases.

In the space of an hour, a Twitter post, first from Monkey Kingdom and then from Fractal, informed followers that their Discord servers had been hacked; news of the NFT mints was bogus, the links a phishing fraud. In the case of Fractal, the scammers got away with about $150,000 worth of cryptocurrency. For Monkey Kingdom, the estimated total was reported to be $1.3 million. Neither attack targeted the blockchain or the tokens themselves. Instead, the thieves exploited weaknesses in the infrastructure used to sell the tokens -- specifically, the Discord chatrooms where NFT fans gather. It's a reminder of a persistent weakness in the growing NFT economy, where surprise drops have primed buyers to move fast or risk missing out. But the same techniques that hype up a sale can also open the door to hackers -- and in this case, a single compromise can end up spreading to more than one community at once. In this case, the NFT thieves had targeted a feature known as a webhook. Webhooks are used by many web applications (Discord included) to listen for a message sent to a particular URL and trigger an event in response, like posting content to a certain channel. By gaining access to webhooks belonging to the Fractal and Monkey Kingdom Discord servers, the hackers were able to send messages that were broadcast to all members of certain channels: a feature meant to be used only for official communications from the project teams. This was where the fake "announcement" had come from and why it had pointed to a scam address. In hindsight, the content should have raised some red flags -- but given the distribution method, it looked just legitimate enough that many were fooled.

Transportation

Honda Clocks Are Stuck 20 Years In The Past And There Isn't A Fix (jalopnik.com) 117

Honda and Acura owners around the world are reporting that their clocks and calendars are getting stuck at a certain time in the year 2002. "The spread is impressive, impacting Honda and Acura models as old as 2004 and as new as 2012," reports Jalopnik. "There is no fix for the current issue. Honda says it's investigating and if it does not find a fix, the clocks should correct themselves sometime in August." From the report: As a number of Honda and Acura owners have noted on these forums, their clocks read correctly until what appeared to have been the first time update of 2022. Then, their navigation systems turned into time machines, leaving them behind as they went back to 2002. I asked Honda about the cause of the issue and received this back: "American Honda is aware of a potential concern related to the clock display on certain older Acura and Honda models equipped with navigation systems. We are currently investigating this issue to determine possible countermeasures and have no additional details to share at this time." Owners have also reached out and received different responses.

If you have experience coding or troubleshooting software, the possible cause of this time warp probably popped into your head early on. Drive Accord forum user Jacalar went into the navigation system's diagnostic menu on Sunday and discovered that the GPS date was set to May 19, 2002, or exactly 1024 weeks in the past. Global Positioning Systems measure time from an epoch, or a specific starting point used to calculate time. The date is broadcasted including a number representing the week, coded in 10 binary digits. These digits count from 0 to 1023 then roll over on week 1024. GPS weeks first started on January 6, 1980 before first zeroing out on midnight August 21, 1999. It happened again April 6, 2019. The next happens in 2038.

If software isn't coded to account for the rollover, weird stuff can happen, like a calendar going back exactly 1024 weeks. It's impossible to know for sure without being able to look at Honda's programming, but these navigation systems might be programmed so that the start of their week counter is a date 19.6 years in the past, but not in-line with GPS epoch. Owners should be able to turn off the automatic update function and set the date and time manually, but they're finding that the functionality doesn't work right now. Likewise, the clock resets back to the incorrect time every time the car is started.
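The rollover behaviour described above, as an added example that is not from the report or from Honda's firmware: it resolves a 10-bit GPS week number against a pivot week and shows how a pivot that never moves sends the date back exactly 1024 weeks. The pivot week 1167 is a constructed assumption, chosen only because it reproduces the May 19, 2002 date quoted above.

```c
#include <stdint.h>
#include <stdio.h>

#define GPS_WEEK_MODULUS    1024  /* 10-bit week field: values 0..1023 */
#define GPS_EPOCH_UNIX_DAYS 3657  /* 1980-01-06 as days since 1970-01-01 */

typedef struct { int year, month, day; } civil_date;

/* Days since 1970-01-01 -> Gregorian calendar date (era-based algorithm). */
static civil_date civil_from_days(int64_t z) {
    z += 719468;
    int64_t era = (z >= 0 ? z : z - 146096) / 146097;
    unsigned doe = (unsigned)(z - era * 146097);                 /* day of 400-year era */
    unsigned yoe = (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365;
    unsigned doy = doe - (365 * yoe + yoe / 4 - yoe / 100);      /* day of year, March-based */
    unsigned mp  = (5 * doy + 2) / 153;                          /* month index, March = 0 */
    unsigned d   = doy - (153 * mp + 2) / 5 + 1;
    unsigned m   = mp < 10 ? mp + 3 : mp - 9;
    civil_date c = { (int)((int64_t)yoe + era * 400 + (m <= 2)), (int)m, (int)d };
    return c;
}

/* First day (Sunday) of a full, untruncated GPS week. */
civil_date gps_week_start(int full_week) {
    return civil_from_days(GPS_EPOCH_UNIX_DAYS + (int64_t)full_week * 7);
}

/* Map the broadcast 10-bit week to the one full week in
 * [pivot_week, pivot_week + 1023] that has the same low 10 bits. */
int resolve_week(int wn10, int pivot_week) {
    int offset = (wn10 - pivot_week) % GPS_WEEK_MODULUS;
    if (offset < 0) offset += GPS_WEEK_MODULUS;
    return pivot_week + offset;
}

/* Receiver state that slides the window forward: the last resolved week
 * becomes the next pivot, so the window never expires while in use. */
typedef struct { int pivot_week; } week_tracker;

int tracker_update(week_tracker *t, int wn10) {
    int full = resolve_week(wn10, t->pivot_week);
    t->pivot_week = full;
    return full;
}

int main(void) {
    const int fixed_pivot = 1167;          /* constructed: week starting 2002-05-19 */
    const int broadcast[] = { 142, 143 };  /* 10-bit weeks for 2021-12-26 and 2022-01-02 */
    week_tracker t = { fixed_pivot };

    for (int i = 0; i < 2; i++) {
        civil_date a = gps_week_start(resolve_week(broadcast[i], fixed_pivot));
        civil_date b = gps_week_start(tracker_update(&t, broadcast[i]));
        printf("wn10=%d  fixed pivot: %04d-%02d-%02d  sliding pivot: %04d-%02d-%02d\n",
               broadcast[i], a.year, a.month, a.day, b.year, b.month, b.day);
    }
    return 0;
}
```

The sliding pivot has to be kept in non-volatile storage to survive a power cycle, and a receiver left unpowered for more than 1024 weeks still needs another source for the era.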

Privacy

FlexBooker Discloses Data Breach, Over 3.7 Million Accounts Impacted (bleepingcomputer.com) 10

An anonymous reader quotes a report from BleepingComputer: Accounts of more than three million users of the U.S.-based FlexBooker appointment scheduling service have been stolen in an attack before the holidays and are now being traded on hacker forums. The same intruders are offering databases claiming to be from two other entities: racing media organization Racing.com and Redbourne Group's rediCASE case management software, both from Australia. Among FlexBooker's customers are owners of any business that needs to schedule appointments, which is everything from accountants, barbers, doctors, mechanics, lawyers, dentists, gyms, salons, therapists, trainers, spas, and the list goes on.

Claiming the attack seems to be a group calling themselves Uawrongteam, who shared links to archives and files with sensitive information, such as photos, driver's licenses, and other IDs. According to Uawrongteam, the database contains a table with 10 million lines of customer information that ranges from payment forms and charges to driver's license photos. The actor notes that some "juicy columns" in the database are names, emails, phone numbers, password salt, and hashed passwords. FlexBooker has sent a data breach notification to customers, confirming the attack and that the intruders "accessed and downloaded" data on the service's Amazon cloud storage system. "On December 23, 2021, starting at 4:05 PM EST our account on Amazon's AWS servers was compromised," reads the notification, adding that the intruders did not access "any credit card or other payment card information."

IT

This Keyboard Lets People Type So Fast It's Banned From Typing Competitions (vice.com) 123

The CharaChorder is a new kind of typing peripheral that promises to let people type at superhuman speeds. From a report: It's so fast that the website Monkeytype, which lets users participate in typing challenges and maintains its own leaderboard, automatically flagged CharaChorder's CEO as a cheater when he attempted to post his 500 WPM score on its leaderboards. It's a strange looking device, the kind of thing Keanu Reeves would interface with in Johnny Mnemonic. Your palms rest on two black divots out of which rise nine different finger sized joysticks. These 18 sticks move in every direction and, its website claims, can hit every button you need on a regular keyboard. "CharaChorder switches detect motion in 3 dimensions so users have access to over 300 unique inputs without their fingers breaking contact with the device," it said. Users input words and commands by clicking the switches in different directions. CharaChorder claims that, once a user learns how to type with the machine, they can achieve speeds impossible on a QWERTY keyboard. Most people type around 40 words per minute (WPM) with skilled typists hitting upwards of 100 WPM. Competition typers can break into the 200 WPM. Riley Keen, CharaChorder's CEO, is posting TikToks where he's hitting speeds above 500 WPM.
Microsoft

First Microsoft Pluton-powered Windows 11 PCs To Start Rolling Out this Year 61

In November 2020, Microsoft took the wraps off its Pluton security chip, with the goal of bringing it to all Windows 10 PCs. It wasn't until this week, that any of Microsoft's OEMs announced their first Pluton-powered PCs. From a report: At CES, Lenovo unveiled its Ryzen-6000-based ThinkPad Z series laptops running Windows 11, which will integrate the Microsoft Pluton processor. The coming ThinkPad Z series laptops will begin shipping in May 2022. Thanks to Pluton, these devices will be able to receive updated firmware using Windows Update. In the ThinkPad Z13 and Z16, Pluton will help protect Windows Hello credentials, according to Microsoft, by further isolating them from attackers. These new ThinkPads will use Pluton as their TPMs to protect encryption keys from physical attacks, Microsoft officials said. Microsoft pioneered Pluton first in Azure Sphere, its Linux-based microcontroller, and in Xbox. In a January 4 blog post, Microsoft officials noted that Pluton can be configured in three ways: As the Trusted Platform Module (TPM); as a security processor for non-TPM scenarios like platform resiliency; or inside a device where OEMs have opted to ship with the chip turned off.
Security

FTC Warns of Legal Action Against Organizations That Fail To Patch Log4j Flaw (techcrunch.com) 60

U.S. organizations that fail to secure customer data against Log4Shell, a zero-day vulnerability in the widely-used Log4j Java logging library, could face legal repercussions, the Federal Trade Commission (FTC) has warned. From a report: In an alert this week, the consumer protection agency warned that the "serious" flaw, first discovered in December, is being exploited by a growing number of attackers and poses a "severe risk" to millions of consumer products. The public letter urges organizations to mitigate the vulnerability in order to reduce the likelihood of harm to consumers and to avoid potential legal action.

"When vulnerabilities are discovered and exploited, it risks a loss or breach of personal information, financial loss and other irreversible harms," the agency said. "The duty to take reasonable steps to mitigate known software vulnerabilities implicates laws including, among others, the Federal Trade Commission Act and the Gramm Leach Bliley Act. It is critical that companies and their vendors relying on Log4j act now, in order to reduce the likelihood of harm to consumers, and to avoid FTC legal action."

Businesses

A Record 4.5 Million Americans Quit Their Jobs In November (bloomberg.com) 128

An anonymous reader quotes a report from Bloomberg: A record 4.5 million Americans quit their jobs in November while openings remained elevated, highlighting persistent churn in the labor market. The increase in departures was broad across industries and pushed the quits rate up to 3%, matching the most in data back to 2000. Meanwhile, the number of available positions fell to 10.6 million from an upwardly revised 11.1 million in October, the Labor Department's Job Openings and Labor Turnover Survey, or JOLTS, showed Tuesday.

The median forecast in a Bloomberg survey of economists called for a rise to 11.1 million job openings. While the drop was the largest since April 2020, vacancies remain well above pre-pandemic levels. The unprecedented level of quits -- including a record 1 million in leisure and hospitality alone -- suggests a lingering struggle for employers to retain talent. Meanwhile, the month's increase in hiring showed companies were able to make at least some headway filling vacancies. The data come ahead of Friday's monthly employment report from the Labor Department, which is currently forecast to show that the U.S. added 420,000 jobs in December. [...] Total hires were little changed in November at 6.7 million. Layoffs and discharges were also steady.

Bug

An Apple HomeKit Bug Can Send iOS Devices Into a Death Spiral (theverge.com) 22

Security researcher Trevor Spiniolas has discovered a vulnerability "capable of locking iOS devices into a spiral of freezing, crashing, and rebooting if a user connects to a sabotaged Apple Home device," reports The Verge. From the report: The vulnerability [...] can be exploited through Apple's HomeKit API, the software interface that allows an iOS app to control compatible smart home devices. If an attacker creates a HomeKit device with an extremely long name -- around 500,000 characters -- then an iOS device that connects to it will become unresponsive once it reads the device name and enter a cycle of freezing and rebooting that can only be ended by wiping and restoring the iOS device. What's more, since HomeKit device names are backed up to iCloud, signing in to the same iCloud account with a restored device will trigger the crash again, with the cycle continuing until the device owner switches off the option to sync Home devices from iCloud.

Though it's possible that an attacker could compromise a user's existing HomeKit-enabled device, the most likely way the exploit would be triggered is if the attacker created a spoof Home network and tricked a user into joining via a phishing email. To guard against the attack, the main precaution for iOS users is to instantly reject any invitations to join an unfamiliar Home network. Additionally, iOS users who currently use smart home devices can protect themselves by entering the Control Center and disabling the setting "Show Home Controls." (This won't prevent Home devices from being used but limits which information is accessible through the Control Center.)

IT

YouTuber Figured Out Asus Z690 Hero Motherboards Melted Down Due To Backward Capacitor (theverge.com) 54

A YouTuber who goes by the name of Buildzoid on the Actually Hardcore Overclocking channel has figured out that a backward capacitor on the Asus ROG Maximus Z690 Hero motherboard is causing it to melt down, according to a report by Tom's Hardware. From a report: Asus has since acknowledged the issue in a post on its site and plans on issuing replacements to customers with affected motherboards. Problems with the Z690 Hero motherboard started turning up on the Asus support forum, as well as on Reddit, and the issues experienced by users are pretty much identical. As noted by Tom's Hardware, users reported that their motherboards started smoking in the same spot: the two MOSFETs (metal-oxide-semiconductor field-effect transistor) next to the DIMM slots and the Q-code reader. In a video on his channel, Buildzoid diagnoses the issue using only the pictures posted to support forums and on Reddit, attributing the Z690 Hero's failure to the backward capacitor installed next to the MOSFETs, not the MOSFETs themselves. Buildzoid looks closely at the images of the motherboard, pointing out that the text on the capacitor is actually upside down, a potential sign that it's installed incorrectly. As Tom's Hardware mentions, a reversed capacitor results in reversed polarity, causing the MOSFETs to malfunction and burn up.
United States

US Catches Kremlin Insider Who May Have Secrets of 2016 Hack (bloomberg.com) 65

In the days before Christmas, U.S. officials in Boston unveiled insider trading charges against a Russian tech tycoon they had been pursuing for months. They accused Vladislav Klyushin, who'd been extradited from Switzerland on Dec. 18, of illegally making tens of millions of dollars trading on hacked corporate-earnings information. From a report: Yet as authorities laid out their securities fraud case, a striking portrait of the detainee emerged: Klyushin was not only an accused insider trader, but a Kremlin insider. He ran an information technology company that works with the Russian government's top echelons. Just 18 months earlier, Klyushin received a medal of honor from Russian President Vladimir Putin. The U.S. had, in its custody, the highest-level Kremlin insider handed to U.S. law enforcement in recent memory. Klyushin's cybersecurity work and Kremlin ties could make him a useful source of information for U.S. officials, according to several people familiar with Russian intelligence matters. Most critically, these people said, if he chooses to cooperate, he could provide Americans with their closest view yet of 2016 election manipulation.
Security

Morgan Stanley To Pay $60 Million To Settle Data-Breach Claims (bloomberg.com) 4

Morgan Stanley agreed to pay $60 million to settle a class action suit by consumers claiming the firm failed to safeguard their personal information. From a report: The agreement, if approved by a federal judge in Manhattan, would resolve claims over two security breaches that compromised personal information of 15 million current and former clients, according to a group of them that sued in July 2020. The customers claimed the information was stored in data centers that were shut down and on computer servers in branch locations that were replaced. Data stored on the decommissioned data center equipment, including customers' Social Security numbers and birth dates, weren't fully wiped clean and the equipment went missing. A software flaw left data on the old servers in unencrypted form, they claimed.
Encryption

NBC: 'You Probably Don't Need to Rely on a VPN Anymore' (nbcnews.com) 166

NBC News writes: VPNs, or virtual private networks, continue to be used by millions of people as a way of masking their internet activity by encrypting their location and web traffic. But on the modern internet, most people can safely ditch them, thanks to the widespread use of encryption that has made public internet connections far less of a security threat, cybersecurity experts say. "Most commercial VPNs are snake oil from a security standpoint," said Nicholas Weaver, a cybersecurity lecturer at the University of California, Berkeley. "They don't improve your security at all...."

Most browsers have quietly implemented an added layer of security in recent years that automatically encrypts internet traffic at most sites with a technology called HTTPS. Indicated by a tiny padlock by the URL, the presence of HTTPS means that worrisome scenario, in which a scammer or a hacker squats on a public Wi-Fi connection in order to watch people's internet habits, isn't feasible. It's not clear that the threat of a hacker at your coffee shop was ever that real to begin with, but it is certainly not a major danger now, Weaver said. "Remember, someone attacking you at the coffee shop needs to be basically at the coffee shop," he said. "I don't know of them ever being used outside of pranks. And those are all irrelevant now with most sites using HTTPS," he said in a text message.

There are still valid uses for VPNs. They're an invaluable tool for getting around certain types of censorship, though other options also exist, such as the Tor Browser, a free web browser that automatically reroutes users' traffic and is widely praised by cybersecurity experts. VPNs are also vital for businesses that need their employees to log in remotely to their internal network. And they're a popular and effective way to watch television shows and movies that are restricted to particular countries on streaming services. But like with antivirus software, the paid VPN industry is a booming global market despite its core mission no longer being necessary for many people.

Most VPNs market their products as a security tool. A Consumer Reports investigation published earlier this month found that 12 of the 16 biggest VPNs make hyperbolic claims or mislead customers about their security benefits. And many can make things worse, either by selling customers' browsing history to data brokers, or by having poor cybersecurity.

The article credits the Electronic Frontier Foundation for popularizing encryption through browser extensions and web site certificates starting in 2010. "In 2015, Google started prioritizing websites that enabled HTTPS in its search results. More and more websites started offering HTTPS connections, and now practically all sites that Google links to do so.

"Since late 2020, major browsers such as Brave, Chrome, Firefox, Safari and Edge all built HTTPS into their programs, making Electronic Frontier Foundation's browser extension no longer necessary for most people."
Businesses

Are 'Zoom Towns' Making Housing Less Affordable? (pewtrusts.org) 82

The CFO of a vacation-rental management company recently told Oregon Public Broadcasting that 20% of people renting a vacation home did so for the first time during the pandemic.

The nonprofit state policy news site Stateline sees a larger trend: Even before the pandemic, the destination towns of the West had a shortage of affordable housing. Limited supply, the remote nature of some of the communities, zoning restrictions and even short construction seasons all contributed.

But the COVID-19 pandemic accelerated everything, including the rise of so-called Zoom towns. Freed from physical offices, suddenly people could live, work and recreate in the vacation communities of the West, with few needs beyond a high-speed internet connection to do jobs that formerly required their presence in major cities. It also in recent years became much easier for owners of second homes to list vacancies with internet-based property firms that promise a steady cash flow in places with seasonal, tourism-based economies. When those homes enter the short-term vacation rental pool, they're no longer available to the local workforce. Brian Chesky, Airbnb's CEO, said recently that about one-fifth of the company's business by room nights is now stays of 30 days or more. People are booking longer stays that combine work and leisure, an area the company sees as full of potential growth...

There are few statewide efforts to address the effects of short-term rentals; some states, such as Idaho, outright prohibit local governments from enacting bans.... In general, the vacation rental industry also fights efforts to enact short-term moratoriums or bans...

[F]ew popular tourist communities in the West have enough affordable options for the staff necessary to run a vacation destination in peak season. In Montana, people who can't afford the rent in some tourist towns have been camping more regularly on public lands in the vicinity, encroaching on grizzly territory. The housing shortage has led directly to more encounters between bears and people, said Bill Avey, a National Forest supervisor in the region. In Whitefish, a gateway to Montana's Glacier National Park, the lack of affordable workforce housing in 2021 forced nearly all food- or beverage-related businesses to curtail hours or close at least one day a week at the height of the summer tourist season, said Lauren Oscilowski, who owns the Spotted Bear Spirits distillery. Over the past year, about half the people on her 11-person team have been forced to move because their landlords decided to turn their housing into more lucrative short-term rentals.

"There's this national thing where hospitality people aren't returning to hospitality because the wages are too low, or they're sick of dealing with the public or whatever it is," Oscilowski said. "But that's just a piece of it. The bigger piece for us is really housing...."

Bug

'Year 2022' Bug Breaks Email Delivery For Microsoft Exchange On-Premise Servers (bleepingcomputer.com) 146

Kalper (Slashdot reader #57,281) shares news from Bleeping Computer: Microsoft Exchange on-premise servers cannot deliver email starting on January 1st, 2022, due to a "Year 2022" bug in the FIP-FS anti-malware scanning engine.

Starting with Exchange Server 2013, Microsoft enabled the FIP-FS anti-spam and anti-malware scanning engine by default to protect users from malicious email. According to numerous reports from Microsoft Exchange admins worldwide, a bug in the FIP-FS engine is blocking email delivery with on-premise servers starting at midnight on January 1st, 2022.

Security researcher and Exchange admin Joseph Roosen said that this is caused by Microsoft using a signed int32 variable to store the value of a date, which has a maximum value of 2,147,483,647. However, dates in 2022 have a minimum value of 2,201,010,001 or larger, which is greater than the maximum value that can be stored in the signed int32 variable, causing the scanning engine to fail and not release mail for delivery. When this bug is triggered, an 1106 error will appear in the Exchange Server's Event Log stating, "The FIP-FS Scan Process failed initialization. Error: 0x8004005. Error Details: Unspecified Error" or "Error Code: 0x80004005. Error Description: Can't convert "2201010001" to long." Microsoft will need to release an Exchange Server update that uses a larger variable to hold the date to officially fix this bug.

However, for on-premise Exchange Servers currently affected, admins have found that you can disable the FIP-FS scanning engine to allow email to start delivering again... Unfortunately, with this unofficial fix, delivered mail will no longer be scanned by Microsoft's scanning engine, leading to more malicious emails and spam getting through to users.
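The conversion failure described above, as an added example that is not Microsoft's code: a checked decimal parser that rejects a value before it can overflow the target type, run against the "2201010001" value from the error message with a 32-bit and a 64-bit limit. The function names and the earlier value "2112310001" are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

typedef enum { STAMP_OK = 0, STAMP_BAD_CHAR = -1, STAMP_OVERFLOW = -2 } stamp_status;

/* Parse an unsigned decimal string into *out, refusing any value above `max`.
 * The range check runs before each multiply-add, so the accumulator itself
 * never overflows, whatever the input length. */
stamp_status parse_stamp(const char *s, int64_t max, int64_t *out) {
    int64_t v = 0;
    if (*s == '\0') return STAMP_BAD_CHAR;
    for (; *s != '\0'; ++s) {
        if (*s < '0' || *s > '9') return STAMP_BAD_CHAR;
        int digit = *s - '0';
        if (v > (max - digit) / 10) return STAMP_OVERFLOW;  /* v*10+digit would exceed max */
        v = v * 10 + digit;
    }
    *out = v;
    return STAMP_OK;
}

/* Compare two date values held in a type whose largest value is `max`.
 * Returns 1 if candidate is newer, 0 if not, or a negative stamp_status
 * when either string cannot be represented. */
int stamp_is_newer(const char *candidate, const char *current, int64_t max) {
    int64_t a = 0, b = 0;
    stamp_status st;
    if ((st = parse_stamp(candidate, max, &a)) != STAMP_OK) return st;
    if ((st = parse_stamp(current, max, &b)) != STAMP_OK) return st;
    return a > b;
}

int main(void) {
    const char *old_value = "2112310001";  /* constructed sample from late 2021 */
    const char *new_value = "2201010001";  /* value quoted in the Event Log error */

    printf("signed 32-bit limit: %d\n", stamp_is_newer(new_value, old_value, INT32_MAX));
    printf("signed 64-bit limit: %d\n", stamp_is_newer(new_value, old_value, INT64_MAX));
    return 0;
}
```

With the 32-bit limit the comparison returns the overflow status rather than an answer; the caller then has to choose between holding mail and delivering it unscanned, which is the trade-off in the workaround above.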
