Why has Microsoft been routing example.com traffic to an organization in Japan?



From the Department of Bizarre Anomalies: Microsoft has suppressed an unexplained anomaly on its network that was routing traffic destined to example.com—a website reserved for testing purposes—to a maker of electronics cables situated in Japan.

Under RFC 2606, an official standard maintained by the Internet Engineering Task Force, example.com can't be obtained by any party. Instead, it resolves to IP addresses assigned to the Internet Assigned Numbers Authority. The designation is meant to stop third parties from being bombarded with traffic when developers, penetration testers, and others need a website for testing or discussing technical issues. Instead of naming an Internet-routable domain, they're to choose example.com or two others, example.net and example.org.

Misconfig gone, but is it fixed?

Output from the terminal command cURL shows that devices inside Azure and other Microsoft networks have been routing some traffic to subdomains of sei.co.jp, a website belonging to Sumitomo Electric. A lot of the resulting text is precisely what’s expected. The exception is the JSON-based response. Here’s the JSON output from Friday:

{"email":"email@example.com","services":[],"protocols":[{"protocol":"imap","hostname":"imapgms.jnet.sei.co.jp","port":993,"encryption":"ssl","username":"email@example.com","validated":false},{"protocol":"smtp","hostname":"smtpgms.jnet.sei.co.jp","port":465,"encryption":"ssl","username":"email@example.com","validated":false}]}

Similarly, results when adding a brand new account for test@example.com in Outlook looked like this:

In both cases, the results show that Microsoft was routing email traffic to two sei.co.jp subdomains: imapgms.jnet.sei.co.jp and smtpgms.jnet.sei.co.jp. The behavior was the result of Microsoft's autodiscover service.
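As an added example (not code from the article or from Microsoft), the check below parses an autoconfiguration response in the JSON shape quoted above and flags entries that map a reserved name to a mail host. It goes slightly beyond the article by also covering the reserved top-level domains in RFC 2606; the function names and the severity labels are assumptions made for illustration.

```python
import json

# Names reserved by RFC 2606: three second-level domains and four TLDs.
RESERVED_DOMAINS = ("example.com", "example.net", "example.org")
RESERVED_TLDS = ("test", "example", "invalid", "localhost")

# Autoconfiguration response quoted in the article.
SAMPLE = (
    '{"email":"email@example.com","services":[],"protocols":['
    '{"protocol":"imap","hostname":"imapgms.jnet.sei.co.jp","port":993,'
    '"encryption":"ssl","username":"email@example.com","validated":false},'
    '{"protocol":"smtp","hostname":"smtpgms.jnet.sei.co.jp","port":465,'
    '"encryption":"ssl","username":"email@example.com","validated":false}]}'
)

def _norm(name):
    return name.strip().lower().rstrip(".")

def in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host, domain = _norm(host), _norm(domain)
    return host == domain or host.endswith("." + domain)

def is_reserved(domain):
    """True for RFC 2606 reserved TLDs and example.{com,net,org} names."""
    domain = _norm(domain)
    if domain.rsplit(".", 1)[-1] in RESERVED_TLDS:
        return True
    return any(in_domain(domain, r) for r in RESERVED_DOMAINS)

def audit_autoconfig(raw):
    """Flag protocol entries that point a mailbox at an unexpected mail host."""
    doc = json.loads(raw)
    domain = doc["email"].rsplit("@", 1)[-1]
    findings = []
    for entry in doc.get("protocols", []):
        host = entry.get("hostname", "")
        if is_reserved(domain):
            severity = "alert"   # reserved names should never map to a mail host
        elif not in_domain(host, domain):
            severity = "review"  # often legitimate hosted mail; confirm ownership
        else:
            continue
        findings.append({"severity": severity, "protocol": entry.get("protocol"),
                         "hostname": host, "port": entry.get("port")})
    return findings

if __name__ == "__main__":
    for finding in audit_autoconfig(SAMPLE):
        print(finding)
```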

“I’m admittedly not an authority in Microsoft’s internal workings, but this appears to be an easy misconfiguration,” Michael Taggart, a senior cybersecurity researcher at UCLA Health, said. “The result is that anyone who tries to establish an Outlook account on an example.com domain might by accident send test credentials to those sei.co.jp subdomains.”

When asked early Friday afternoon why Microsoft was doing this, a representative had no answer and asked for more time. By Monday morning, the improper routing was no longer occurring, but the representative still had no answer.


