Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cloud
    • Cloud
    • Cybersecurity
    • Servers

    Microsoft Says Azure Cloud Services Safe From Heartbleed SSL Flaw

    By
    Pedro Hernandez
    -
    April 11, 2014
    Share
    Facebook
    Twitter
    Linkedin
      security

      Microsoft has a silver lining to share during the Heartbleed crisis, at least for users of its Azure cloud services.

      Addressing concerns about the OpenSSL flaw and its potential effects on Microsoft’s expansive cloud services slate, the software giant revealed that Azure was safe from Heartbleed, Andrew Cushman, senior director of the Security Incident Response unit for Microsoft Azure, wrote in an April 9 blog post.

      “Microsoft Account and Microsoft Azure, along with most Microsoft Services, were not impacted by the OpenSSL vulnerability,” Cushman wrote. “Windows’ implementation of SSL/TLS [Secure Sockets Layer/Transfer Layer Security] was also not impacted,” he added.

      His company does not employ OpenSSL to terminate SSL connections on Azure Web Sites, Pack Web Sites and Web Roles, Cushman wrote. “Windows comes with its own encryption component called Secure Channel (a.k.a. SChannel), which is not susceptible to the Heartbleed vulnerability.”

      Not all Azure customers are out of the woods, cautioned Cushman.

      “Customers running Linux images in Azure Virtual Machines, or software which uses OpenSSL, may be vulnerable,” he said. OpenSSL is commonly used on Linux-based servers. The company added support for Linux virtual machines to Microsoft Azure (formerly Windows Azure) in 2012.

      It has not been a good week for the Internet at large, following the revelation that an encryption flaw called Heartbleed had been present in OpenSSL for two years before it was disclosed on April 7. The vulnerability affects roughly two-thirds of the world’s Websites, a staggering estimate that has thrown Internet, e-commerce and cloud providers into a state of high alert.

      The aptly-named Heartbleed vulnerability in OpenSSL (CVE-2014-0160), which sports a spot-on logo from security research firm Codenomicon, is present in the 1.0.1 version of the open-source Secure Sockets Layer (SSL) encryption service. Its name is derived from “TLS heartbeat read overrun,” a bug in OpenSSL’s TLS/DTLS (TLS/Datagram TLS) heartbeat extension.

      If exploited, Web servers and clients could potentially “bleed” the contents of data stored in memory. The flaw has been patched in the hastily issued 1.0.1g update, and at least one major cloud provider has moved to stem the potential fallout.

      Matthew O’Connor, a Google product manager, wrote in an April 9 blog post that his company had “assessed this vulnerability and applied patches to key Google services such as Search, Gmail, YouTube, Wallet, Play, Apps and App Engine.”

      Google Chrome, Chrome OS and Android, with the exception of Android 4.1.1 (Jelly Bean), are not affected, said O’Connor. Google last reported that patches were being applied to Cloud SQL and a fix for Google Search Appliance was in the works. Google Compute Engine customers are urged to manually update OpenSSL on their instances.

      Avatar
      Pedro Hernandez
      Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the Internet.com network of IT-related websites and as the Green IT curator for GigaOM Pro.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×