Schannel Vulnerability Affects All Versions of Windows
Not a single Windows OS version is safe from a vulnerability recently disclosed by Microsoft itself. It is called Schannel, or Microsoft Secure Channel, and is especially dangerous for people running websites. Microsoft urges everyone to install its latest patch it released past Tuesday.
According to Microsoft, the hole is located in schannel security component that has to do with secure sockets layer and TLS protocols, or transport layer security, and translates into a possibility for the hackers to perform an attack by executing a code that would direct malicious traffic to servers based on Windows.
It is imperative you install the patch even if you do not run a website because all client versions of Windows are affected just the same, which means an attacker can execute a remote code on a laptop or desktop machine. This is also true for users that run Internet port monitoring software that accepts encrypted connections. An example of such software would be an FTP server on a Win 7 machine, or a Web server.
2014 has been a year when all major operating systems were found carrying long-term vulnerabilities, some dating as far as 18 years back like Poodle. Some vulnerabilities allowed adversaries bypass encryption while others allowed them to take over the vulnerable systems remotely. There are no reports from security companies of attacks on the wild that exploit schannel vulnerability yet, but that does not mean there aren't any.
So, install those updates when your Windows computer nags you about them!
Sources: Microsoft, ArsTechnica.