Heartbleed: What you need to know

On April 8, 2014, security researchers announced a flaw in the software that is used to protect your information on the web. The vulnerability, known as “Heartbleed,” could potentially allow a cyberattacker to access personal information.

After a thorough investigation, Microsoft determined that Microsoft Account, Microsoft Azure, Office 365, Yammer, and Skype, along with most Microsoft Services, are not impacted by the “Heartbleed” vulnerability. A few services continue to be reviewed and updated with further protections.

We encourage you to be careful what information you provide to websites and help protect the security of your online accounts by using different passwords for different websites, changing your passwords often, and making your passwords as complex as possible.

For more information, see Microsoft Services unaffected by Open SSL “Heartbleed” vulnerability.

About the Author
Eve Blakemore

Group Manager, Trustworthy Computing

Eve Blakemore is a Group Manager for Trustworthy Computing who delivers consumer guidance around the latest trends in security and privacy. Eve joined Microsoft in 1998 and has worked in corporate and field roles with Microsoft Learning, US Public Sector, Read more »

Join the conversation

  1. Anonymous

    No, this is not, "what we need to know"!

    We need to know which non-MS websites are affected, and which software installed on Windows OS is vulnerable.

  2. Anonymous

    "Are not impacted" meaning "were never vulnerable", or meaning "were vunerable, but it was fixed, and you should probably change your passwords"? Those are two very different things.

  3. Anonymous

    I have in the past few days had to resign into my hotmail account, the question I have is that it keeps asking me to secure my account by providing a phone number or alternate email address and that I have only 4 days left to do this. What if I do not wish to provide my phone number or don't have an alternate email, address? Will I be locked out of my account? Is this a phishing scam?

  4. Anonymous

    The following email was sent to me. I clicked on it and it wanted me to download a label. I was scared to as I don't recognize this email address. I googled Novintah and got nothing. Plus it's an international company and why would I be receiving a package from them. Made me suspicious and didn't know how to report.

    on behalf of; Mail International [customer.id73@novintahlilgaran.ir]



    Our courier couldnt make the delivery of parcel to you at 07th April 2014.

    Print label and show it in the nearest post office.

     Print a Shipping Label NOW

    USPS | Copyright 2014 USPS. All Rights Reserved.

    BBC Latest News:

    VIDEO: 'Your ladybirds are in the post'

    Ladybirds are a good, natural way to combat garden pests, according to one wildlife expert.

    The Scottish National Party at 80

    The ups and downs of Scotland's independence party

    Football: Chelsea rally stuns PSG

    No one was counting out Chelsea after it lost to Paris Saint-Germain in the first leg of their Champions League quarterfinal. Sure enough the Blues advanced thanks to an out-of-favor striker. Real Madrid also progressed.

  5. Anonymous

    I've been trying to log into my Hotmail account and it won't let me.  It sends me to a site where I have to put in personal information so that Microsoft can verify my account and me.  It even asks for the last 4 of a credit card.  That ain't happening.  Hence, I suspect I've got a nasty little virus floating around and I'm not the only one having the problem.

  6. Anonymous

    I have the same question/issue as Daniel above.  What is up?  It looks fishy.  If you click on next to delay it, it says the system is temporarily down.???

  7. Anonymous

    I  too am having the same problem as "Daniel!!  Suddenly my old Internet Expl;orer 8 wants me to sign in with a password and then wants further security with a "code" to be sent to me at my old in longer wroking telephone numbers and I do not seem to be able to update the phone numbers.  HELP1

  8. Anonymous

    I'm also wondering what sites were affected. Some of the sites I visit, I'm not sure whether they're safe or if they were open to the heartbleed.  And it makes me worry what sort of information thy could have received from my computer.

    And if certain software is vulnerable, that would be helpful. I have Windows programs, and Adobe Photoshop, and OpenOffice.

    At any rate, since I'm not certain what was and wasn't affected, I just changed the passwords on a lot of my accounts.

  9. Anonymous

    I'm sick of Microsoft trying to force people to buy Windows 8. If Ubuntu would support the software I need for my business, I would dump windows in a heartbeat. These vague statements about Heartbleed are not helping anybody. Why can't these programs/operating systems be created without security holes? Spend a little more time, and do it right. Win XP was and is a great OS, even if old. Win 7 a great OS. Win ME, Vista, Win 8 – all terrible from a consumer standpoint. Pay attention! We are the ones spending our very hard to come by money to buy your products. Most people use Windows as a platform to operate 3rd party software that suits their particular needs.

  10. Anonymous

    I discover S after http,and dont know how this has come and how to get rid of it. I have never asked for OSSL What to do?.

  11. Anonymous

    Daniel, I doubt that Microsoft would ask for such information so I'm guessing it's a scam. I would change my password on the Hotmail account.

  12. Anonymous


    I believe MS requires that you have a 2nd email address OR a phone number, for you to be able to recover your password.  Not a phishing scam, 'tis the modern era of mandatory big data collection.  But to be fair, the 2nd email address thing is easy and very useful in case you either lose your password, or more probably, your account ever gets compromised (happens to everyone at some point).  Worst case just created a Yahoo or Gmail alternate email that you don't use, with a false name, and you'll be ok.

  13. Anonymous

    So, those three are OK.  What about Outlook?  MSN.com?  Hotmail?

    You know, those sites where passwords get used all the time.

  14. Anonymous

    This is not a very encouraging "What you need to know" post.  I agree with Maetib. What services (SSL comes screaming to mind) on windows OS is vulnerable.

  15. Anonymous

    This is for Tina: I too got an email wanting me to print a label, etc. Go on the USPS website and you will see that this is a scam.

    Anyone else getting phone calls purporting to be "helping" microsoft customers out by allowing THEIR tech into the customers computer to fix the latest security breach? Mine was an 855 area code with a woman who had a very thick accent. She tried to talk a good game about the urgency of the situation. Please warn your family and friends. Some people might fall for this.

  16. Anonymous

    I had a call from a man who he said he worked for Windows and that my hard drive had some problems that they had seen and he wanted to fix them over the phone, it didn't happen, is supervisor is going to call back later tonight because I could not understand is words, so how does one identify if this is for real or not, I cannot seem to find any e-mail contact for Windows.

  17. Anonymous

    I cannot get into my Hotmail account.  Asking me to re sign in.  Will not accept my information and I aget blocked out.  I'm a senior and not up on this.  I have a MAC BOOK and didn't think I used Windows but I don't know.  How do I get help.?

  18. Anonymous

    James — NO one from Microsoft is going to call you that way.  Do not allow them to do anything, don't download anything they suggest.  Microsoft services do not call you out of the blue and say 'Your hard drive has a problem', it's not the way support works.  

    You might want to review the article on Fraudulent Emails and other scams that invoke the Microsoft name, which you can find on the Microsoft.com/Security site, under Privacy / Protect yourself from Scams.  

    Please be careful!

  19. Anonymous

    I have been locked out of my hotmail account since Saturday. I have answered all the security question on how to restore your password. I keep getting the response that I have tried to many times today and to try back tomorrow. I have not been able to get any customer chat support regarding this matter. How do you get into your account?

    When I tried to log in on Saturday it was Hotmail that said my account maybe hacked and to change my password which I did they were to text me a code i made several request then i received a code but after entering the new password i was asked to change it again. I really need help getting into my account it contains everything I need for my job.

  20. Anonymous

    It has been a few years now and still i am getting spam from my yahoo email account. I changed my password several times but still receive those spam/junk mail. How is it that they can do this? I have called yahoo and at&t and they both say to call the other for help. Noone seems to know how to fix. Is anyone else having similiar problems? Please post a fix

  21. Anonymous

    Today is the first day I seem to remember in a week or possibly 10 days that I can remember waking up to something other than a blue screen or black screen and spending less than 4-5 hours debugging and screwing around with this mess.  

    And sure and sh**, the stupid blue screen reappeared a few hours after I awoke.  

    This is bullshi**

    Get off your collective rear ends and do something, before we throw these machines out the window driving down 280 and go back to licking stamps.  It was easier to write things down in a notebook, journal, keep a checkbook, whatever.  This is unnecessary and so much of a hassle I'm ready to chuck all the computers out the sunroof while I fly down the highway~~not kidding.  

  22. Anonymous

    I have the same problem as Daniel.  Today is my last day.  It gave me 7 days to provide a cell number. I don't know what to do?  Is this true?  I gave me daughter my msn name and password and she tried on 3 computers from her house and it didn't display what I'm getting

  23. Anonymous

    I have the same issue with not being able to get in to my account. Old second acct was no longer used, but I couldn't remove it. I created another and they keep saying they verified me as being the account owner and sending a security code, but the code won't work. So I kept at this runaround all day and now it just says I've tried too many time and won't let me go anywhere near it. We're  being overprotective, it says!! Frustrating as I have tax receipts coming there that I need to get to!!! If they were just trying to update security, they sure as h*** didn't do it very well!

  24. Anonymous

    I experienced that run around with a (lightly-used) hotmail account I had. I don't remember how I finally managed to get in but was so frustrated and uncomfortable about it all, I closed the account…I think!  I agree, everything looked VERY fishy!  ???

    My major problem is that I frequently get email that appears to be from people I know, but the comment (or lack of) in the subject area doesn't make sense, or it's from people from whom I don't expect to hear. The first time this happened, there was only a url 'link' in the content area.  I must have opened it because I seem to remember the suggestion to join some 'opportunity' (not!).

    Fwiw, I think 'Authentication' (rather than phishing or spam) is the violation-term MSN uses to describe the above.  Good luck.

  25. Anonymous

    I'm guessing that Mac users don't have these problems with invasions/viruses.  My situation is that a hacker has compromised my system by disableing my Windows Firewall which took some time to discover, so EVERY TIME I start up the computer I have to go into the Control Panel to check it back on, even though I have ALWAYS had the "No Exceptions" box checked.  They got my SS#, credit card #s and God only knows what else.  It's all been a nightmare!!!!!  I'm going to get a Mac to use for all internet have to's, change passwords every 3 months (a real headache).  And even though I have 2 virus scanning packages,Kaspersky and Viper, they got past both of them as well. Now both are now at the highest levels possible, the next lower level obviously wasn't enough.  

    Just a question, have "authorities" EVER caught a major league hacker? I don't remember ever hearing about an arrest.  

    If this doesn't work I'm going back to pen and paper, envelope and stamp and claim no understanding of all this "innovation that saves so much time" until they learn how to make it secure.

  26. Anonymous

    My security form is not running correctly. I do have 4 green dots but I also have two red dots on the line which says Malware. The form says there is no viruses found on my computer but yet I get a warning that my security services need to be checked. A red x appears on the bottom bar.

    I have also noticed that windows defender has appeared by itself and is supposedly working as security in place of the Malware. This has corrupted my security readings and I cannot add any other security such as Microsoft security essentials to protect my computer. So it seems that I need to remove Windows defender but am unable to. Can u help me?

  27. Anonymous

    keep getting program aported for my home page

  28. Anonymous

    I agree with Mike, XP was and would have continued to be a solid OS if Microsoft hadn't quit supporting their only OS that allowed the end user total autonimity. By forcing it's consumers to "upgrade" to a newer OS, Microsoft is forcing its Windows users to be vulnerable to security issues. Microsoft has not spent enough time developing and testing any of their "newer" OSs or we wouldn't be having all these issues.

  29. Anonymous

    I have seen 3 different emails about shipping, 2 from Priority Shipping and one from UPS. All are junk. The phone call from Microsoft Service came this morning. What is a reasonable amount of caution in this world?

  30. Anonymous

    you and the market place.  have car will travel don't need the net.  think i'll save my money for an apple

  31. Anonymous

    Got a call from a 212area code  number,gentleman with a strong accent saying he was from Microsoft  Tech and wanted to help me fix security problems on my computer. Is this legit?

Comments are closed.