Sysadmins of the North
Don't forget to share this post!

Information about HeartBleed and IIS

Information about HeartBleed and IIS. Via Erez’s IIS Blog:

The Heartbleed vulnerability in OpenSSL (CVE-2014-0160) has received a significant amount of attention recently. While the discovered issue is specific to OpenSSL, many customers are wondering whether this affects Microsoft’s offerings, specifically Windows and IIS. Microsoft Account and Microsoft Azure, along with most Microsoft Services, were not impacted by the OpenSSL vulnerability. Windows’ implementation of SSL/TLS was also not impacted.

We also want to assure our customers that default configurations of Windows do not include OpenSSL, and are not impacted by this vulnerability. Windows comes with its own encryption component called Secure Channel (a.k.a. SChannel), which is not susceptible to the Heartbleed vulnerability.

Read more on Erez’s IIS Blog

For more information and corrective action guidance, see the information from US Cert: Vulnerability Note VU#720951: OpenSSL heartbeat extension read overflow discloses sensitive information.

About the Author Jan Reilink

My name is Jan. I am not a hacker, coder, developer, programmer or guru. I am merely a system administrator, doing my daily thing at Vevida in the Netherlands. With over 15 years of experience, my specialties include Windows Server, IIS, Linux (CentOS, Debian), security, PHP, WordPress, websites & optimization. Want to support me and donate? Use this link:

follow me on:

Leave a Comment:

Skip to content GZ iL snjm iRpxY c RDV DpjmqPxC