Microsoft’s products were not affected by HeartBleed but this time, even if the criticity is far less, Microsoft’s products are in the scope.
This vulnerability (CVE-2014-3566) allows the plaintext of secure connections to be calculated by a network attacker. This issue has been discovered by Bodo Möller (Google Security Team) in collaboration with Thai Duong and Krzysztof Kotowicz.
Information on Microsoft Azure and Heartbleed
The Heartbleed vulnerability in OpenSSL (CVE-2014-0160) has received a significant amount of attention recently. While the discovered issue is specific to OpenSSL, many customers are wondering whether this affects Microsoft’s offerings, specifically Microsoft Azure. Microsoft Account and Microsoft Azure, along with most Microsoft Services, were not impacted by the OpenSSL vulnerability. Windows’ implementation of SSL/TLS was also not impacted.
