Active Directory is a service commonly used in corporate networks which, among other things, handles authentication and shared computing resources. This is the service that allows you to map network drives and printers easily on a primarily Windows network. To map those services, DNS is used so that users don’t have to remember a bunch of IP addresses. The issue is that old versions of Active Directory defaulted to ‘corp’ as the root name, causing collisions anywhere outside of the specific corporate network it was set up on. If the computer tried to look up the fileserver address, for example, it would ask the Active Directory service for the address using the name ‘fileserver\corp’. On the original network, the Active Directory server would know about the ‘corp’ configuration and return the correct address. But if the user was on a different network, such as at a hotel or at home, they would likely get back a generic DNS response for the ‘corp.com’ domain name. The computer would then try to access this resource as normal, potentially sending authentication tokens or other details to whatever computer ‘corp.com’ was pointing to.
Microsoft started working on this problem in 2009, when it issued updates designed to mitigate it, and it issued further updates in 2015 for the same purpose. It turns out that a lot of computers simply never updated, as information never stopped flowing to ‘corp.com’. Microsoft has also recommended against using the default ‘corp’ setting in Active Directory for as long as it has known about the issue. Now, at least, with the domain in the hands of Microsoft, the company can monitor the incoming traffic and perhaps find a way to stop it altogether.
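To check your own environment for the collision described above, the following added example (not code from Microsoft or from this article) audits client DNS suffixes against the domains an organisation has actually registered. The suffix-stripping model, the function names and the sample inventory are assumptions made for illustration; `example.com` stands in for a domain the organisation owns.

```python
"""Audit DNS suffixes for namespace collisions such as 'corp' / 'corp.com'."""

def normalize(name):
    return name.strip().rstrip(".").lower()

def is_owned(fqdn, owned_domains):
    """True if fqdn equals, or sits under, a domain the organisation registered."""
    fqdn = normalize(fqdn)
    return any(fqdn == d or fqdn.endswith("." + d)
               for d in map(normalize, owned_domains))

def candidate_names(short_name, primary_suffix, min_labels=2):
    """Names a stub resolver would try for an unqualified name.

    Simplified model (assumption): append the primary suffix, then strip its
    leading label repeatedly until only min_labels labels remain.
    """
    labels = normalize(primary_suffix).split(".")
    names = []
    while labels:
        names.append(normalize(short_name) + "." + ".".join(labels))
        if len(labels) <= min_labels:
            break
        labels = labels[1:]
    return names

def audit(short_name, primary_suffix, owned_domains):
    """Return (candidate, verdict) pairs for one client configuration."""
    results = []
    for fqdn in candidate_names(short_name, primary_suffix):
        suffix = fqdn.split(".", 1)[1]
        if "." not in suffix:
            verdict = "single-label suffix: not a registered namespace"
        elif is_owned(fqdn, owned_domains):
            verdict = "ok: inside a domain the organisation owns"
        else:
            verdict = "collision risk: resolves in public DNS off-network"
        results.append((fqdn, verdict))
    return results

# Constructed inventory: (primary DNS suffix, domains the organisation registered)
SAMPLE_CLIENTS = [
    ("corp", {"example.com"}),
    ("nyc.corp.com", {"example.com"}),
    ("ad.example.com", {"example.com"}),
]

if __name__ == "__main__":
    for suffix, owned in SAMPLE_CLIENTS:
        for fqdn, verdict in audit("fileserver", suffix, owned):
            print(f"{suffix:16} {fqdn:28} {verdict}")
```

Any suffix flagged as a collision risk or as single-label is a candidate for migration to a namespace under a domain the organisation controls.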