Microsoft may have just spent millions on a new domain. The company today confirmed it has purchased the domain name Corp.com in an effort to protect customer security, reports KrebsOnSecurity.
The reason behind the purchase is actually quite fascinating. Corp.com is considered a dangerous domain by security experts, mainly because of an issue with how Microsoft’s Active Directory feature worked in older versions of Windows.
The owner of the domain, Mike O’Connor, who purchased the domain 26 years ago, started auctioning the domain back in February for–wait for it–$1.7 million. Microsoft confirmed the company has purchased the domain, but it wouldn’t disclose exactly how much it spent. It’s likely the company spent more than the $1.7 million starting price.
KrebsOnSecurity reported the issue with Corp.com and Active Directory back in February.
The problem is actually pretty interesting from a networking point of view. As KrebsOnSecurity explains, earlier versions of Windows that supported Active Directory had set “corp” as the default path, and many companies apparently started using the name without changing it to a domain that they actually owned. And that means whoever had access to Corp.com could possibly intercept the requests coming in from these organizations, and steal sensitive data. The problem is much deeper and complicated than that, of course.
Microsoft has released Windows updates in the past to help against such issues, but it’s now buying the Corp.com to completely protect organizations who use “corp” on Active Directory.
“To help in keeping systems protected we encourage customers to practice safe security habits when planning for internal domain and network names. We released a security advisory in June of 2009 and a security update that helps keep customers safe. In our ongoing commitment to customer security, we also acquired the Corp.com domain,” a Microsoft spokesperson said.