The bug could allow attackers to silently force a browser-server connection to fall back to long-discarded encryption standards, those guarded by keys relatively easy to crack. “Microsoft is aware of a security feature bypass vulnerability in Secure Channel (Schannel) that affects all supported releases of Microsoft Windows, Our investigation has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system.”they said. Microsoft listed every still-supported version of Windows as affected by the bug and probably will provide soon a patch. Is almost sure this willl not be offered to XP users. This is the current list of browsers that need patching: Internet Explorer; Chrome on OS X (patch available); Chrome on Android; Safari on OS X (patch expected next week); Safari on iOS (patch expected next week); Stock Android browser; BlackBerry browser; Opera on OS X; Opera on Linux.
