Microsoft Not Impacted by Heartbleed Vulnerability

Posted by: Tracey Pretorius, Director, Trustworthy Computing

On April 8, 2014, security researchers announced a flaw in the OpenSSL encryption software library used by many websites to protect customers’ data. The vulnerability, known as “Heartbleed,” could potentially allow a cyberattacker to access a website’s customer data along with traffic encryption keys.

After a thorough investigation, Microsoft determined that Microsoft Account, Microsoft Azure, Office 365, Yammer and Skype, along with most Microsoft Services, are not impacted by the OpenSSL “Heartbleed” vulnerability. Windows’ implementation of SSL/TLS is also not impacted. A few Services continue to be reviewed and updated with further protections.

Microsoft always encourages its customers to be vigilant with the security of their online accounts, change their account passwords periodically and to use complex passwords. More information on how to create strong passwords is available here: Microsoft Security & Safety Center: Create strong passwords.

http://blogs.technet.com/b/security/archive/2014/04/10/microsoft-devices-and-services-and-the-openssl-heartbleed-vulnerability.aspx

(Visited 64 times, 1 visits today)