When release of Windows 10 is just round the corner, researchers at security firm Cyclance have discovered a vulnerability which affects all Windows version, not leaving it outside the loop. The vulnerability allows one to steal usernames and passwords of millions of Windows user.

The attack can be done by fooling a user to click a particular link which authenticates with a malicious server giving away the encrypted username and password. This way several details can be collected and later implemented using a brute force attack. However, this is even possible without a link by using man-in-the-middle attack by a background Windows program.

Experts around the world have claimed to not have a full-fledged solution to the problem yet. Companies like Adobe, Apple etc. have fallen prey to it. However it is still in question when and how will Microsoft fix the flaw.