Microsoft says SSL/TLS applications in all versions of Windows are vulnerable to attacks that exploit the FREAK flaw.
This means that if you use Windows, an attacker on your network could potentially force Internet Explorer and other Windows programs that use the Secure Channel (Schannel) component to use weak encryption over the web.
Downgraded HTTPS connections can easily be broken, revealing sensitive information such as login cookies and banking information.
"Microsoft is aware of a vulnerability in Schannel that affects all supported versions of Windows.
"Our research has verified that the vulnerability could allow an attacker to force the downgrading of applications that use SSL/TLS connections to a Windows client system."
The company also says that at the time of writing there were no attacks!
The bug (CVE-2015-1637) in Windows' Secure Channel component is not thought to be under active attack by eavesdroppers at the time of writing.
Microsoft probably wants to reassure its customers, saying in a few words: "the vulnerability exists in all our systems, but stay calm."
The FREAK vulnerability (Factoring attack on RSA-EXPORT Keys), as mentioned in a previous publication, allows decryption of cookies and other sensitive information from HTTPS connections involving vulnerable programs.
So far, releases of Google Chrome for OS X before version 41.0.2272.76 and for BlackBerry OS 10.3 are known to be vulnerable. Users can visit freakattack.com to check if they are safe.
We should also mention that hundreds of cloud service providers have not patched the vulnerability. Skyhigh Networks reports that 766 cloud services were still at risk a day after FREAK appeared, based on an analysis it performed on over 10,000 different services.