Microsoft's software isn't immune to the rash of recent web encryption exploits, it seems. The company has discovered (and thankfully, patched) a Windows flaw that lets hackers use the software's Secure Channel technology, which handles SSL and TLS encryption, to compromise PCs. If you're susceptible, you only have to visit a maliciously-coded website to trigger it; after that, thieves can swipe cryptographic keys and theoretically spy on your communications. The vulnerability primarily affects servers (where a lot of encrypted traffic flows), but Microsoft warns that it also affects regular versions of Windows from Vista on up.

http://www.engadget.com/2014/11/13/w...security-flaw/