Yuri Diogenes collected a series of articles that summarize Microsoft’s official statement on the Heartbleed vulnerability.
Information on Microsoft Azure and Heartbleed
Official statement from Microsoft Azure: "Microsoft Azure Web Sites, Microsoft Azure Pack Web Sites and Microsoft Azure Web Roles do not use OpenSSL to terminate SSL connections. Windows comes with its own encryption component called Secure Channel (a.k.a. SChannel), which is not susceptible to the Heartbleed vulnerability." Read this article for more details.
Microsoft
blogs.msdn.com
Microsoft Services unaffected by OpenSSL "Heartbleed" vulnerability
Official statement about Microsoft services that are unaffected by OpenSSL "Heartbleed" vulnerability.
Microsoft
blogs.technet.com
Information about HeartBleed and IIS
More information about this vulnerability and IIS running in all supported versions of Microsoft Windows Server.
Erez Benari
blogs.iis.net
Yuri’s post is located here:
http://curah.microsoft.com/64131/heartbleed-vulnerability-and-microsoft-productsservices
kurtsh
Kurt Shintaku's Blog 