The "Heartbleed" exploit in the OpenSSL cryptographic software has been getting a ton of media attention this week, The issue has caused many software companies to quickly patch their OpenSSL-based products, and website administrators are urging customers to change their passwords.
In the middle of all this, Microsoft has quietly issued a post on its security blog that claims users of its many online services don't have to worry about "Heartbleed". The post states that the company has conducted a review of its online services this week following the discovery of the OpenSSL flaw.
The blog said:
After a thorough investigation, Microsoft determined that Microsoft Account, Microsoft Azure, Office 365, Yammer and Skype, along with most Microsoft Services, are not impacted by the OpenSSL “Heartbleed” vulnerability. Windows’ implementation of SSL/TLS is also not impacted. A few Services continue to be reviewed and updated with further protections.
Microsoft points out that all of its customers should be "vigilant" when it comes to checking on any of their online accounts and that they should change passwords on a frequent basis. Using strong passwords is also the best bet in terms of keeping their accounts safe from cyber attacks.
Source: Microsoft | Image via Microsoft