Yuri Diogenes collected a series of articles that summarize Microsoft’s official statement on the Heartbleed vulnerability.
Information on Microsoft Azure and Heartbleed
Official statement from Microsoft Azure: "Microsoft Azure Web Sites, Microsoft Azure Pack Web Sites and Microsoft Azure Web Roles do not use OpenSSL to terminate SSL connections. Windows comes with its own encryption component called Secure Channel (a.k.a. SChannel), which is not susceptible to the Heartbleed vulnerability." Read this article for more details.
Microsoft Services unaffected by OpenSSL "Heartbleed" vulnerability
Official statement about Microsoft services that are unaffected by OpenSSL "Heartbleed" vulnerability.
Information about HeartBleed and IIS
More information about this vulnerability and IIS running in all supported versions of Microsoft Windows Server.
Yuri’s post is located here: