The OpenSSL "Heartbleed" vulnerability and SQL Server


I just wanted to share with everyone that SQL Server is unaffected by the OpenSSL “Heartbleed” vulnerability:

Microsoft Services unaffected by OpenSSL “Heartbleed” vulnerability

It is unlikely that this vulnerability would affect SQL Server itself, because neither Windows or SQL Server use the OpenSSL software.

If there are any updates regarding this vulnerability, they will be released in the Microsoft Security Blog.

Comments (1)

  1. Pete says:

    The link says "Windows Services" is not impacted, which implies access to their web site/services.  And " In addition, Windows’ implementation of SSL/TLS was not impacted."

    I would like to see a statement that is more specific and explicit: "No version of IE, SQL, Sharepoint, IIS, Windows Server, WIn7, Win8, etc" are affected.  Is that a link to that somewhere.  Cisco did an excellent job listing ALL their products as safe or not.