On April 8, 2014, security researchers announced a flaw in the OpenSSL encryption software library used by many websites to protect customers’ data. The vulnerability, known as “Heartbleed,” could potentially allow a cyberattacker to access a website’s customer data along with traffic encryption keys.
After a thorough investigation, we determined that Microsoft Services are not impacted by the OpenSSL “Heartbleed” vulnerability. In addition, Windows’ implementation of SSL/TLS was not impacted.
Microsoft always encourages customers to be vigilant with the security of their online accounts, change their account passwords periodically and to use complex passwords. More information on how to create strong passwords is available here: Microsoft Security & Safety Center: Create strong passwords.
*This blog post was last updated on 4/23/14