Microsoft mishandling example.com

Original link: https://tinyapps.org/blog/microsoft-mishandling-example-com.html

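## Microsoft Autodiscover misconfiguration – Summary

Since February 2020, Microsoft's Autodiscover service has been incorrectly directing requests for the IANA-reserved domain `example.com` to the mail servers of Sumitomo Electric Industries (`sei.co.jp`). This means that when a dummy mailbox such as `email@example.com` is configured in Outlook (Windows & macOS), it is wrongly auto-configured to use Sumitomo's IMAP and SMTP servers, even though `example.com` is explicitly reserved and should not resolve to real services.

DNS checks confirm that `example.com` has no records pointing to `sei.co.jp`, which indicates that the problem lies in Microsoft's Autodiscover database. Querying Microsoft's Autodiscover API directly confirms this: it returns server details for `sei.co.jp`. Debug information shows that this misconfiguration has persisted for nearly six years and was not caused by crowdsourced data, indicating a manual entry in Microsoft's systems. This could cause test credentials to be sent unintentionally to the wrong server.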

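A recent report notes that Microsoft's misconfiguration of its Autodiscover service has, since 2020, caused traffic for the IANA-reserved domain `example.com` to be misrouted to Sumitomo Electric's mail servers. This could leak test credentials and other sensitive data.

Commenters pointed out the danger of using IANA-reserved domains (such as `.example`, `.test`, and even `.local`, which Microsoft previously recommended for Active Directory) because of potential DNS misconfiguration. The Autodiscover protocol itself was also criticized: if `autodiscover.example.com` is missing, it checks `autodiscover.com`, which creates a vulnerability.

Users speculated about the cause, from a simple mistake to potential surveillance implications. The incident deepened concerns about Microsoft's brand management, and some questioned its overall competence. A linked article covers the Autodiscover vulnerability in more detail.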

Original text

TL;DR: Since at least February 2020, Microsoft's Autodiscover service has incorrectly routed the IANA-reserved example.com to Sumitomo Electric Industries' mail servers at sei.co.jp, potentially sending test credentials there.

Problem

While setting up email@example.com as a dummy account in Outlook (on both Windows and macOS), Outlook consistently auto-configured it to use imapgms.jnet.sei.co.jp (IMAP) and smtpgms.jnet.sei.co.jp (SMTP) despite example.com being an IANA-reserved domain that should not resolve to real services.

The same behavior appeared on different machines, profiles, networks, and DNS resolvers, including a newly provisioned Windows 365 Cloud PC.

Confirmation

DNS verification

Confirm that example.com has no DNS records pointing to sei.co.jp:

% dig MX example.com +short
0 .

% dig CNAME autodiscover.example.com +short
(no response)

% dig SRV _autodiscover._tcp.example.com +short
(no response)

The domain has a null MX record (indicating it doesn't accept email) and no Autodiscover DNS entries, confirming the misconfiguration exists entirely within Microsoft's database.

Microsoft autodiscover API response

Microsoft's Autodiscover service misconfiguration can be confirmed via curl -v -u "email@example.com:password" "https://prod.autodetect.outlook.cloud.microsoft/autodetect/detect?app=outlookdesktopBasic":


* Host prod.autodetect.outlook.cloud.microsoft:443 was resolved.
* IPv6: (none)
* IPv4: 172.169.69.94
*   Trying 172.169.69.94:443...
* Connected to prod.autodetect.outlook.cloud.microsoft (172.169.69.94) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-AES256-GCM-SHA384 / [blank] / UNDEF
* ALPN: server accepted h2
* Server certificate:
*  subject: C=US; ST=WA; L=Redmond; O=Microsoft Corporation; CN=autodetect.outlookmobile.com
*  start date: Nov  1 12:31:46 2025 GMT
*  expire date: Jan 30 12:31:46 2026 GMT
*  subjectAltName: host "prod.autodetect.outlook.cloud.microsoft" matched cert's "*.autodetect.outlook.cloud.microsoft"
*  issuer: C=US; O=Microsoft Corporation; CN=Microsoft Azure RSA TLS Issuing CA 03
*  SSL certificate verify ok.
* using HTTP/2
* Server auth using Basic with user 'email@example.com'
* [HTTP/2] [1] OPENED stream for https://prod.autodetect.outlook.cloud.microsoft/autodetect/detect?app=outlookdesktopBasic
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: prod.autodetect.outlook.cloud.microsoft]
* [HTTP/2] [1] [:path: /autodetect/detect?app=outlookdesktopBasic]
* [HTTP/2] [1] [authorization: Basic ZW1haWxAZXhhbXBsZS5jb206cGFzc3dvcmQ=]
* [HTTP/2] [1] [user-agent: curl/8.7.1]
* [HTTP/2] [1] [accept: */*]
> GET /autodetect/detect?app=outlookdesktopBasic HTTP/2
> Host: prod.autodetect.outlook.cloud.microsoft
> Authorization: Basic ZW1haWxAZXhhbXBsZS5jb206cGFzc3dvcmQ=
> User-Agent: curl/8.7.1
> Accept: */*
> 
* Request completely sent off
< HTTP/2 200 
< content-type: application/json; charset=utf-8
< date: Mon, 08 Dec 2025 21:32:58 GMT
< server: Kestrel
< strict-transport-security: max-age=2592000
< x-olm-source-endpoint: /detect
< x-provider-id: seeatest
< x-debug-support: eyJkZWNpc2lvbiI6ImF1dG9EdjIgPiBhdXRvRHYxID4gZml4ZWQgZGIgcHJvdmlkZXIgPiBmaXhlZCBkYiBkb21haW4gcHJvdG9jb2xzID4gZGIgcHJvdmlkZXIgPiBkYiBkb21haW4gcHJvdG9jb2xzIiwiYXV0b0QiOnsidjIiOm51bGwsInYxIjpudWxsfSwiZGIiOnsicHJvdmlkZXIiOnsiRG9tYWluSWQiOm51bGwsIklkIjoic2VlYXRlc3QiLCJTZXJ2aWNlIjpudWxsLCJQcm90b2NvbHMiOlt7InByb3RvY29sIjoic210cCIsIkRvbWFpbiI6bnVsbCwiSG9zdG5hbWUiOiJzbXRwZ21zLmpuZXQuc2VpLmNvLmpwIiwiUG9ydCI6NDY1LCJFbmNyeXB0aW9uIjoiU3NsIiwiSXNDcm93ZHNvdXJjZWQiOm51bGwsIkZlZWRiYWNrcyI6bnVsbCwiSW5zZWN1cmUiOm51bGwsIlNlY3VyZSI6IlRydWUiLCJVc2VybmFtZSI6IntlbWFpbH0iLCJWYWxpZGF0ZWQiOmZhbHNlLCJBdXRvZGlzY292ZXIiOm51bGwsIkFhZCI6bnVsbH0seyJwcm90b2NvbCI6ImltYXAiLCJEb21haW4iOm51bGwsIkhvc3RuYW1lIjoiaW1hcGdtcy5qbmV0LnNlaS5jby5qcCIsIlBvcnQiOjk5MywiRW5jcnlwdGlvbiI6IlNzbCIsIklzQ3Jvd2Rzb3VyY2VkIjpudWxsLCJGZWVkYmFja3MiOm51bGwsIkluc2VjdXJlIjpudWxsLCJTZWN1cmUiOiJUcnVlIiwiVXNlcm5hbWUiOiJ7ZW1haWx9IiwiVmFsaWRhdGVkIjpmYWxzZSwiQXV0b2Rpc2NvdmVyIjpudWxsLCJBYWQiOm51bGx9XSwiQ3JlYXRlZEF0IjoiMjAyMC0wMi0wM1QwNTozMToyMy4yOTgwMjQ4IiwiVXBkYXRlZEF0IjoiMjAyMC0wMi0wM1QwOToxMjo1OS4wMjQ1ODciLCJQcmVkaWNhdGVzIjpudWxsLCJBdXRvRHYyRW5kcG9pbnQiOm51bGwsIkNvbW1lbnQiOm51bGwsIkZlZWRiYWNrcyI6bnVsbCwiSXNDcm93ZHNvdXJjZWQiOmZhbHNlfSwiZG9tYWluIjp7ImZpeGVkIjpmYWxzZSwiYXV0b0R2MkVuZHBvaW50IjpudWxsLCJwcm92aWRlcklkIjoic2VlYXRlc3QiLCJwcm90b2NvbHMiOm51bGx9fX0=
< x-autodv2-error: ENOTFOUND
< x-feedback-token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJEIjoiZXhhbXBsZS5jb20iLCJQSSI6InNlZWF0ZXN0IiwiUyI6W10sIlAiOlsiaW1hcHM6Ly9pbWFwZ21zLmpuZXQuc2VpLmNvLmpwOjk5MyIsInNtdHBzOi8vc210cGdtcy5qbmV0LnNlaS5jby5qcDo0NjUiXSwiUFQiOiJpbWFwIHNtdHAiLCJleHAiOjE3NjUyMzMxNzgsImlhdCI6MTc2NTIyOTU3OH0.-ohD7c9hytRZK_b4EJ0M5Tke7hl8u1wjsMYRV71GZik
< x-dns-prefetch-control: off
< x-frame-options: SAMEORIGIN
< x-download-options: noopen
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
< x-instance-id: autodetect-deployment-76fffc487d-wfs4b
< x-response-time: 3472 ms
< x-request-id: f1b6525f-6d11-4add-a0e4-0b677d89f9eb
< x-autodetect-cv: f1b6525f-6d11-4add-a0e4-0b677d89f9eb
< 
* Connection #0 to host prod.autodetect.outlook.cloud.microsoft left intact
{"email":"email@example.com","services":[],"protocols":[{"protocol":"imap","hostname":"imapgms.jnet.sei.co.jp","port":993,"encryption":"ssl","username":"email@example.com","validated":false},{"protocol":"smtp","hostname":"smtpgms.jnet.sei.co.jp","port":465,"encryption":"ssl","username":"email@example.com","validated":false}]}%

The JSON response:

{
  "email": "email@example.com",
  "services": [],
  "protocols": [
    {
      "protocol": "imap",
      "hostname": "imapgms.jnet.sei.co.jp",
      "port": 993,
      "encryption": "ssl",
      "username": "email@example.com",
      "validated": false
    },
    {
      "protocol": "smtp",
      "hostname": "smtpgms.jnet.sei.co.jp",
      "port": 465,
      "encryption": "ssl",
      "username": "email@example.com",
      "validated": false
    }
  ]
}

Decoded debug header

The x-debug-support header (Base64-decoded) reveals additional details:

| Field | Value |
| --- | --- |
| Provider ID | seeatest |
| Created | 2020-02-03 05:31:23 UTC |
| Updated | 2020-02-03 09:12:59 UTC |
| IsCrowdsourced | false |

This misconfiguration has existed for nearly six years and was not crowdsourced. It appears to have been manually added to Microsoft's database.
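
As an added example (not code from the original article or from Microsoft), the Python below decodes an x-debug-support header into the fields listed above and flags autodetect responses that map a reserved domain, or an unvalidated host outside the mailbox domain, to a mail server. The function names, the finding labels and the reserved-name lists (taken from RFC 2606 and RFC 6761) are assumptions; the sample header is a trimmed provider record re-encoded here for illustration, using the field names found in the decoded header.

```python
import base64
import json

# RFC 2606 / RFC 6761 names that must never map to a real mail host (assumed list).
RESERVED_SLDS = {"example.com", "example.net", "example.org"}
RESERVED_TLDS = {"example", "test", "invalid", "localhost"}

def is_reserved(domain):
    labels = domain.lower().rstrip(".").split(".")
    return labels[-1] in RESERVED_TLDS or ".".join(labels[-2:]) in RESERVED_SLDS

def decode_debug_support(value):
    """Base64-decode an x-debug-support header into the provider fields."""
    raw = base64.b64decode(value + "=" * (-len(value) % 4))  # tolerate stripped padding
    provider = json.loads(raw)["db"]["provider"]
    return {"provider_id": provider["Id"], "created": provider["CreatedAt"],
            "updated": provider["UpdatedAt"], "crowdsourced": provider["IsCrowdsourced"],
            "hosts": sorted(p["Hostname"] for p in provider["Protocols"])}

def audit_autodetect(body):
    """Flag protocol entries in an autodetect JSON body that should not be trusted."""
    domain = body["email"].rsplit("@", 1)[1].lower()
    findings = []
    for proto in body["protocols"]:
        host = proto["hostname"].lower()
        if is_reserved(domain):
            findings.append((proto["protocol"], "reserved-domain-mapped", host))
        elif not (host == domain or host.endswith("." + domain)) and not proto["validated"]:
            findings.append((proto["protocol"], "unvalidated-foreign-host", host))
    return findings

# Body taken from the JSON response on the page, trimmed to the fields the check uses.
RESPONSE = json.loads("""{"email": "email@example.com", "services": [], "protocols": [
  {"protocol": "imap", "hostname": "imapgms.jnet.sei.co.jp", "port": 993, "validated": false},
  {"protocol": "smtp", "hostname": "smtpgms.jnet.sei.co.jp", "port": 465, "validated": false}]}""")

# Constructed sample: a trimmed provider record re-encoded here, not the page's full header.
SAMPLE_HEADER = base64.b64encode(json.dumps({"db": {"provider": {
    "Id": "seeatest", "CreatedAt": "2020-02-03T05:31:23.2980248",
    "UpdatedAt": "2020-02-03T09:12:59.024587", "IsCrowdsourced": False,
    "Protocols": [{"protocol": "smtp", "Hostname": "smtpgms.jnet.sei.co.jp"},
                  {"protocol": "imap", "Hostname": "imapgms.jnet.sei.co.jp"}]}}}).encode()).decode()

if __name__ == "__main__":
    print(decode_debug_support(SAMPLE_HEADER))
    for finding in audit_autodetect(RESPONSE):
        print(finding)
```

The same audit can run in a mail-client provisioning pipeline or a proxy log review, so that a lookup for a placeholder address is caught before any credentials are sent to the returned host.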


❧ 2026-01-01
