Up to now, only Android and Mac devices were thought vulnerable to the security flaw.
The hundreds of millions of individuals using PCs running Microsoft Windows received some disturbing news late last week, when Microsoft acknowledged that all supported versions of its operating system are vulnerable to “FREAK,” an encryption flaw that opens devices to potential “man-in-the-middle” attacks.
Up to that point, only Android and Mac devices were thought vulnerable to the flaw.
“Our investigation has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system,” Microsoft said in a security advisory. “The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industrywide issue that is not specific to Windows operating systems.”
Although nearly a decade old, the FREAK flaw was discovered only recently by security researchers, according to Reuters. Standing for “Factoring RSA Export Keys,” FREAK allows attackers to force some websites to use intentionally weakened encryption, which can be broken within a few hours. Once hackers break a site’s encryption, the door is wide open for them to steal other data such as passwords, which can then be used in further attacks.
CNET reports that Microsoft will address the Windows flaw either in its normal Patch Tuesday, or with an out-of-cycle update.
So far, the researchers who discovered FREAK have found no evidence that any hackers have exploited the vulnerability.