Microsoft Buys Corp.com to Keep It Safe From Criminals – Potentially Spent Over $1.7 Million

Apr 7, 2020
Submit

Microsoft has apparently scooped up the domain corp.com to keep it from falling into the hands of attackers. The domain went up for auction at a starting price of $1.7 million when it was listed by its owner, a Mike O'Connor who owned it for around 26 years.

The domain could have created potential security issues for the company's Windows clients where admins used the generic domain name when setting up Active Directory. For years, experts have suggested that whoever would gain access to corp.com would also potentially get access to sensitive data from hundreds of thousands of Windows systems around the world. Security researcher Brian Krebs explains:

[Updated] And It Begins… All the Windows 10 v2004 Known Issues as Confirmed by Microsoft Itself

[...] unfortunately, in early versions of Windows that supported Active Directory - Windows 2000 Server, for example - the default or example Active Directory path was given as “corp,” and many companies apparently adopted this setting without modifying it to include a domain they controlled.

Compounding things further, some companies then went on to build (and/or assimilate) vast networks of networks on top of this erroneous setting.

Krebs warned that companies that have tied their internal Active Directory networks to domains (not just corp.com) they don't control or own are putting themselves at potential security risks.

The Windows maker has confirmed the purchase.

"To help in keeping systems protected we encourage customers to practice safe security habits when planning for internal domain and network names," Microsoft's statement reads. "We released a security advisory in June of 2009 and a security update that helps keep customers safe. In our ongoing commitment to customer security, we also acquired the Corp.com domain."

- PowerShell Script Released to Help You Fight COVID-19 by Donating Extra Processing Power with Windows Sandbox

Submit