Azure Cloud Computing Platform Safe from Heartbleed Bug, Says Microsoft

azure
Microsoft Azure Cloud Computing

Microsoft commends the Windows based Microsoft Azure cloud computing platform safe from the biggest security bug heartbleed.

This was announced by Microsoft Corporation, the software giant and the strong supporter of windows based cloud computing services that, its cloud computing platform Azure is fully safe from the heartbleed openSSL bug that created havoc in the domain of internet and cloud computing recently. The statement further informed that the OpenSSL flaw has no impact on the Microsoft cloud computing platform Azure. The announcement came via the official blog of the senior director security incident response unit of Microsoft Azure cloud computing platform, Mr. Andrew Cushman.

He further explained that the Microsoft does not implement the OpenSSL in the termination of SSL connections on the website, which is the main reason that the services of Microsoft Azure cloud computing platform are safe from the nasty bug of heartbleed. He wrote in his official blog that, “Microsoft Account and Microsoft Azure, along with most Microsoft Services, were not impacted by the OpenSSL vulnerability. Windows’ implementation of SSL/TLS (Secure Sockets Layer/Transfer Layer Security) was also not impacted”. He further added, “Windows comes with its own encryption component called Secure Channel (a.k.a. SChannel), which is not susceptible to the Heartbleed vulnerability.”

While writing about the technicalities of the security mechanism, he wrote that the people who run Linux server images on the Microsoft Azure platform’s virtual machines, or those who run applications that use OpenSSL as the security encryption may be some vulnerable to the threat posed by the heartbleed. Meanwhile, he maintained that the OpenSSL bug issue is mostly related to the virtual machines that run Linux. Therefore, it is more critical for those services that use the Linux open source platforms in the cloud computing services rather than the windows based services.

This very important to note that the heartbleed term was coined by the Codenomicon company a few days back that referred to the potentially dangerous bug in the open source secure socket layer SSL that has a serious bug, which can be exploited to scan the passwords and personal information during the course of transportation of the data over the internet. Many companies including Google Corporation are patching their cloud computing as well as other services. “The company has assessed this vulnerability and applied patches to key Google services such as Search, Gmail, YouTube, Wallet, Play, Apps and App Engine” wrote the Google product manager in his blog a couple of days back after this vulnerability was disclosed.

Vexxhost Cloud Hosting have a very successful tutorial on the blog on How to Fix OpenSSL Heartbeat on CentOS or Ubuntu.