The company goes on to note that it released an update in March that should protect against this vulnerability automatically (Microsoft Security Bulletin MS17-010).
In April, a group known as Shadow Brokers leaked NSA tools that were used to attack and break into Windows computers. As of today, it had spread to over 150 countries and reached more than 200,000 victims in an attack that exploited CVE-2017-0143, a Windows-based remote code execution (RCE) vulnerability.More news: 14th GST council meet starts in Srinagar
He argued there should be "a new requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them". It locks up Windows users' computers, and asks for a $300 ransom to unlock them, paid in bitcoin. Criminals used the NSA's leaked EternalBlue vulnerability to attack Windows machines with WannaCry ransomware.
Microsoft ended up distributing the free patch for the older versions on Friday - the day the ransomware was detected.
The WannaCry software is particularly virulent because it doesn't necessarily require users to take any action, like clicking a link or downloading software, to spread; it can also spread automatically through file-sharing systems on networks. Now, Microsoft is putting the blame for this attack directly on the governments who hid security flaws for their own benefit. "So making a payment does not mean you're going to get your data back", said Bossert.More news: FAA's drone registration rule suffers major setback
"The fact that so many computers remained vulnerable two months after the release of a patch illustrates this aspect. Otherwise they're literally fighting the problems of the present with tools from the past", it said.
Responding to the incident, the company's president and chief legal officer, Brad Smith, criticized the USA government's weaponizing of computer vulnerabilities, the leak of which enabled this attack, and the dangers of not informing tech companies about them. However, as of now, there is no patch for these older operating systems for the EsteemAudit vulnerability.
With more than 3,500 security engineers at the company, Microsoft said, it is fighting cybersecurity threats with constant updates to its Advanced Threat Protection service.More news: Arsenal's Granit Xhaka doubtful for Southhampton clash due to injury
Smith's statement made no mention of pirated Microsoft software, users of which can not download the security patch.
- Jared Kushner's sister woos China's "golden visa" investors
- Roadside bomb kills 11; attacks kill 10 Afghan policeman
- Trump White House enters a new state of denial
- Edouard named as French premier
- Lakers Rumors: Possible trade packages for the second overall pick
- Arsenal players keen on Sanchez stay: Koscielny
- Almodovar and Smith's comments on Netflix at Cannes
- Sunderland goalkeeper can succeed De Gea says Manchester United legend
- Sharapova overcomes shaky start to beat McHale in Rome
- Alibaba reveals $6 billion share buyback as misses EPS forecast