The Heartbleed vulnerability in OpenSSL (CVE-2014-0160) has received a significant amount of attention recently. While the discovered issue is specific to OpenSSL, many customers are wondering whether this affects Microsoft’s offerings, specifically Microsoft Dynamics online services.
This statement applies to the following Microsoft Dynamics online services:
- Microsoft Dynamics CRM Online
- Microsoft Dynamics Marketing
- Microsoft Social Listening
- Microsoft Dynamics Lifecycle Services
- Online Services for Microsoft Dynamics
At this time each of these services are confirmed secure from the Heartbleed vulnerability. More specifically, Microsoft Social Listening utilizes OpenSSL and was confirmed vulnerable, appropriate patches were applied and certificate rotation was completed. We recommend that all customers who are using a mobile platform and may be vulnerable, follow the guidance from their mobile operating system provider.
We want to assure our customers that we take your data and systems’ security seriously and hope that you find this update helpful.
For more information and corrective action guidance, please see the information from US Cert here.