Quote:
Originally Posted by Bob Olhsson
This kind of thing is the downside of "free" open-source software.
|
Got this from:
http://www.zdnet.com/google-aws-rack...es-7000028281/
According to Microsoft, "most" Microsoft Services, including Microsoft Account and Azure, were not affected by the OpenSSL vulnerability and of course the Windows implementation of SSL/TLS were not impacted.
"Microsoft Azure Web Sites, Microsoft Azure Pack Web Sites and Microsoft Azure Web Roles do not use OpenSSL to terminate SSL connections. Windows comes with its own encryption component called Secure Channel (aka SChannel), which is not susceptible to the Heartbleed vulnerability," it said.
Microsoft's extensible web server IIS was not affected by the bug. However, that doesn't mean companies that run their websites on it won't be affected, largely due to the practice of employing a third-party load balancer — such as Amazon Web Services, which was affected by Heartbleed.
I will give the "open source" guys kudos for finding and putting out a fix for the issue quite quickly...but...
I think more than one IT manager may find his head on the chopping block for using "penny wise, pound foolish" open source stuff...and putting the future of the company in the hands of people who live in their mother's basement...