Earlier a bug was found on the OpenSSL cryptographic software library named Heartbleed.Now The IBM X-Force Research team has identified a significant data manipulation vulnerability (CVE-2014-6332) with a CVSS score of 9.3 in every version of Microsoft Windows from Windows 95 onward. This vulnerability is on the Microsoft secure channel that implements the SSL (Secure Socket Layer) and TLS (Transport Layer Security). Now Microsoft released a patch for this critical vulnerability which is present in all Windows versions.
From the Microsoft security bulletin
This security update resolves a privately reported vulnerability in the Microsoft Secure Channel (Schannel) security package in Windows. The vulnerability could allow remote code execution if an attacker sends specially crafted packets to a Windows server.
This security update is rated Critical for all supported releases of Microsoft Windows.
The bug dubbed WinShock has been graded as 9.3 out of 10 on the Common Vulnerability Scoring System (CVSS), a measure of severity in computer security.
So please apply the patch available. The patch will be available only for Windows Vista or higher versions of Windows. The windows XP users will not get this patch as microsoft stopped support of Windows XP in April 2014.
Read more here and here