The new-found OpenSSL bug named as Heartbleed has caused worry for all the commercial as well as other websites that are internet-based. However, Microsoft announced in a blog that their services are unaffected by the vulnerability caused by OpenSSL Heartbleed.
In this announcement, Microsoft mentions about the services that remain unaffected by this hazardous bug, which is capable of accessing user’s critical data such as credit card details, personal information etc.
“After a thorough investigation, Microsoft determined that Microsoft Account, Microsoft Azure, Office 365, Yammer and Skype, along with most Microsoft Services, are not impacted by the OpenSSL “Heartbleed” vulnerability. Windows’ implementation of SSL/TLS is also not impacted. A few Services continue to be reviewed and updated with further protections.”
Microsoft also mentions in the blog that why the OpenSSL Heartbleed bug cant affect it.
“Microsoft Account and Microsoft Azure, along with most Microsoft Services, were not impacted by the OpenSSL vulnerability. Windows’ implementation of SSL/TLS was also not impacted. Microsoft Azure Web Sites, Microsoft Azure Pack Web Sites and Microsoft Azure Web Roles do not use OpenSSL to terminate SSL connections. Windows comes with its own encryption component called Secure Channel (a.k.a. SChannel), which is not susceptible to the Heartbleed vulnerability.”
The Windows Club also published a blog about the risks caused by the OpenSSL Heartbleed bug on April 10th, 2014. You can read about the Heartbleed bug and how to protect yourself from the bug in this blog. Our blog specifically mentions different reasons of why Heartbleed bug is so hazardous for your security.
The Qualys SSL LABS website helps take SSL Server test for various websites. The Windows Club took the test for checking its response for Heartbleed bug and the website passed with an A. We also use Cloudflare. You can check the results and get and website checked here.