The company goes on to note that it released an update in March that should protect against this vulnerability automatically (Microsoft Security Bulletin MS17-010).
In April, a group known as Shadow Brokers leaked NSA tools that were used to attack and break into Windows computers. As of today, it had spread to over 150 countries and reached more than 200,000 victims in an attack that exploited CVE-2017-0143, a Windows-based remote code execution (RCE) vulnerability.More news: Alibaba reveals $6 billion share buyback as misses EPS forecast
He argued there should be "a new requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them". It locks up Windows users' computers, and asks for a $300 ransom to unlock them, paid in bitcoin. Criminals used the NSA's leaked EternalBlue vulnerability to attack Windows machines with WannaCry ransomware.
Microsoft ended up distributing the free patch for the older versions on Friday - the day the ransomware was detected.
The WannaCry software is particularly virulent because it doesn't necessarily require users to take any action, like clicking a link or downloading software, to spread; it can also spread automatically through file-sharing systems on networks. Now, Microsoft is putting the blame for this attack directly on the governments who hid security flaws for their own benefit. "So making a payment does not mean you're going to get your data back", said Bossert.More news: China Trade Deal: Commerce Secretary Ross Breaks Down What to Know
"The fact that so many computers remained vulnerable two months after the release of a patch illustrates this aspect. Otherwise they're literally fighting the problems of the present with tools from the past", it said.
Responding to the incident, the company's president and chief legal officer, Brad Smith, criticized the USA government's weaponizing of computer vulnerabilities, the leak of which enabled this attack, and the dangers of not informing tech companies about them. However, as of now, there is no patch for these older operating systems for the EsteemAudit vulnerability.
With more than 3,500 security engineers at the company, Microsoft said, it is fighting cybersecurity threats with constant updates to its Advanced Threat Protection service.More news: Edouard named as French premier
Smith's statement made no mention of pirated Microsoft software, users of which can not download the security patch.
- Trump White House enters a new state of denial
- Sunderland goalkeeper can succeed De Gea says Manchester United legend
- Tottenham's Dele Alli plans to continue enjoying 'journey'
- Sharapova overcomes shaky start to beat McHale in Rome
- Paytm raises USA $1.4 billion from SoftBank
- 14th GST council meet starts in Srinagar
- Trump approval at lowest level since inauguration
- Iran: New US Sanctions on Missile Work Show 'Ill Will'
- Senators chase Fleury, rout Penguins in Game 3
- Oil down as market stays well supplied despite OPEC cuts