Microsoft Azure Reportedly Not Impacted by Heartbleed Vulnerability

Microsoft Azure Reportedly Not Impacted by Heartbleed Vulnerability

The Heartbleed vulnerability in OpenSSL has been receiving a lot of attention due to its impact to over two-thirds of the Internet's websites. If you've been worried about whether Microsoft Azure has been impacted by the security flaw, then you're in luck. According to an official statement by Microsoft, the company states that that there's been no impact to Microsoft Azure.

Related: Microsoft Slashes Azure Prices to Match Amazon's Cloud Offerings

"Microsoft Account and Microsoft Azure, along with most Microsoft Services, were not impacted by the OpenSSL vulnerability. Windows' implementation of SSL/TLS also was not impacted," the blog stated.

Microsoft also noted that Microsoft Azure Web Sites, Microsoft Azure Pack Web Sites, and Microsoft Azure Web Roles do not use OpenSSL to terminate SSL connections. Instead, Windows utilizes its own encryption component, named Secure Channel or SChannel, making is so that these solutions are not vulnerable to Heartbleed.

Related: Microsoft Announces Slew of Improvements to Windows Azure at Build 2014

However, if you're running Linux images in Azure Virtual Machines, then there's the possibility that you may be using OpenSSL, which may be vulnerable. OpenSSL is a common library that provides encryption functionality on Linux.

For more information on how to protect your organization from the Heartbleed vulnerability, then see my article, "OpenSSL's Major Security Flaw: Protect Your Data with this Fix."

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish