Microsoft gobbles up corp.com domain to keep it from hackers

Microsoft logo suspended above a conference floor

Microsoft has purchased the domain corp.com. The company confirmed the purchase on Tuesday but has yet to reveal how much it paid to acquire the domain. When its original owner, Mike O’Connor, first put it up for sale in February, he priced it at a cool $1.7 million.

So why did Microsoft potentially pay nearly $2 million for this domain? It was a security threat waiting to happen, and gobbling it up was the only way to keep it in safe hands.

The security issues are related to a namespace collision, which is when there's an overlap between an internal domain name and an address on the internet. The corp.com domain was a potential security threat because earlier versions of Windows presented admins with “corp” as the default domain name suggestion when setting up a company's Active Directory service.

Had someone other than Microsoft purchased the domain, they could have leveraged it to harvest sensitive data from Windows devices with the default “corp.com” setting.

"To help in keeping systems protected we encourage customers to practice safe security habits when planning for internal domain and network names," a Microsoft spokesperson shared. "We released a security advisory in June of 2009 and a security update that helps keep customers safe. In our ongoing commitment to customer security, we also acquired the corp.com domain."

Wisconsin native Mike O’Connor purchased corp.com 26 years ago and has done little with it. He was well aware of the security risks the domain presented for Windows users and hoped, in the end, Microsoft would do right by its users and purchase the domain.

Ultimately, what Microsoft's purchase of the corp.com domain fails to solve is the issue of companies tying their internal networks to domains they don't own. As long as they continue this unsafe tactic, these companies leave the door open to a potential security nightmare.