How Heartbleed affects the main operating systems on the market.
Apple deprecated OpenSSL in 2011, so it is not affected by Heartbleed, but it had its own security problem, nicknamed "gotoFail", just weeks before the OpenSSL flaw was made public.
"OpenSSL does not provide a stable API from version to version. For this reason, although OS X provides OpenSSL libraries, the OpenSSL libraries in OS X are deprecated." [Source]
"Strictly speaking, versions of the Android platform — with the exception of Jelly Bean 4.1 and 4.1.1 — are not themselves vulnerable to Heartbleed because most of them don’t use OpenSSL or do so in a way that the flawed features are disabled by default. But individual apps often use OpenSSL, leaving them open to attack." [Source]
According to the same source, most applications do not hold useful data, so there is no real threat unless you log into the app with a social media account (Facebook, Twitter, etc.) or with a password that you also use on other accounts.
To check which Android version is running on your device and take the appropriate action, check out this article.
Windows and Windows Server
Microsoft reassured the developer community in a post on TechNet, stating that its operating systems are not affected by the breach. This is a blow to Linux servers, which dominate the market mainly because of the security they offer.
"Microsoft Account and Microsoft Azure, along with most Microsoft Services, were not impacted by the OpenSSL vulnerability. Windows’ implementation of SSL/TLS was also not impacted.
We also want to assure our customers that default configurations of Windows do not include OpenSSL, and are not impacted by this vulnerability. Windows comes with its own encryption component called Secure Channel (a.k.a. SChannel), which is not susceptible to the Heartbleed vulnerability." [source]
Linux servers, which statistically represent 67% of the web servers accessible through the internet, are the main victims of the OpenSSL breach. An article dated the 8th of April recounts the early moments of the crisis at Red Hat and other Linux vendors. The article, available here, also gives recommendations to ensure that the encryption of your data is not compromised. If you are running a Linux server and have not taken action yet, this article is a must-read.
How did IT departments handle the crisis?
IT departments were informed and received the corrected version of OpenSSL well before the news was made public, as Leon Telander, CTO of BetIT group, explains in this interview. Once the encryption was safe, they performed a thorough check of the activity on the server to detect potential breaches, and were able to determine that security had not been compromised.
What should users do?
End users should update their web browsers and mail clients (Outlook, Thunderbird, etc.) as soon as possible. Check with your various service providers whether things have been patched. Don’t forget to change your password.
The Heartbleed crisis acted as an eye-opener and drew attention to the lack of funding for the open source project. Tech giants such as Facebook, Google and Amazon decided to finance a branch of the Linux Foundation, the Core Infrastructure Initiative, to fund open source projects in need. The first project is, of course, OpenSSL [source]. It’s good to see competitors collaborate to improve widely used open source tools, acknowledging the efficiency and usefulness of the open source community while also recognizing the need for support to ensure the quality and security of the code.