This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Has Outlook and HOtmail fixed the heart bleed bug so that we now can change our passwords?
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.
Thank heavens someone else had the same reaction as I. When I ask whether Hotmail and Outlook are safe, I expect a yes or no answer, not a bunch of gobbledegook. And when Microsoft didn't answer plainly the first time, I repeated the question -- only to get more gobbledegook! Sheesh!
Still doesn't answer the question to people who dont know jargon. Layperson users like me dont know what you are referring to by sayimg "Microsoft Account". Are hotmail and outlook part of Microsoft account?
Hi dedlnr and ChrisChin_qc,
Thank you for posting here in Microsoft Community. We understand that you have some concern with the heartbleed bug.
Microsoft account, along with most Microsoft services, were not impacted by the OpenSSL vulnerability. A few services continue to be reviewed and updated with further protections.
Feel free to post back if you have other questions.
Thank you.
Johan
So Hotmail and Outlook are not affected?
FYI
9 Apr 2014 10:17 PM
The Heartbleed vulnerability in OpenSSL (CVE-2014-0160) has received a significant amount of attention recently. While the discovered issue is specific to OpenSSL, many customers are wondering whether this affects Microsoft’s offerings, specifically Microsoft Azure. Microsoft Account and Microsoft Azure, along with most Microsoft Services, were not impacted by the OpenSSL vulnerability. Windows’ implementation of SSL/TLS was also not impacted.
Microsoft Azure Web Sites, Microsoft Azure Pack Web Sites and Microsoft Azure Web Roles do not use OpenSSL to terminate SSL connections. Windows comes with its own encryption component called Secure Channel (a.k.a. SChannel), which is not susceptible to the Heartbleed vulnerability.
