Microsoft Partner Network

Microsoft Azure nicht betroffen von Heartbleed

Markus-Steiner   10. April 2014 14:14 Kommentare (0) Tags:  Feed Tag,  Feed Tag,  Feed Tag

The Heartbleed vulnerability in OpenSSL (CVE-2014-0160) has received a significant amount of attention recently.  While the discovered issue is specific to OpenSSL, many customers are wondering whether this affects Microsoft’s offerings, specifically Microsoft Azure. Microsoft Account and Microsoft Azure, along with most Microsoft Services, were not impacted by the OpenSSL vulnerability. Windows’ implementation of SSL/TLS was also not impacted.

 

Microsoft Azure Web Sites, Microsoft Azure Pack Web Sites and Microsoft Azure Web Roles do not use OpenSSL to terminate SSL connections.  Windows comes with its own encryption component called Secure Channel (a.k.a. SChannel), which is not susceptible to the Heartbleed vulnerability.

 

OpenSSL is a common library on Linux for providing encryption functionality.  Customers running Linux images in Azure Virtual Machines, or software which uses OpenSSL, may be vulnerable.  We recommend that all customers who may be vulnerable follow the guidance from their software distribution provider.  For more information and corrective action guidance, please see the information from US Cert here.

 

Kommentar schreiben

biuquote
  • Kommentar
  • Live Vorschau
Loading

Datenschutzhinweis: Sie stimmen durch "Kommentar speichern" der Speicherung Ihrer Angaben durch Microsoft Österreich für die Beantwortung der Anfrage zu. Sie erhalten dadurch keine unerwünschten Werbezusendungen. Ihre Emailadresse wird auf Ihren Wunsch dazu verwendet Sie über neue Kommentare zu informieren.

Microsoft respektiert den Datenschutz. Datenschutz & Cookies