The company goes on to note that it released an update in March that should protect against this vulnerability automatically (Microsoft Security Bulletin MS17-010).
In April, a group known as Shadow Brokers leaked NSA tools that were used to attack and break into Windows computers. As of today, it had spread to over 150 countries and reached more than 200,000 victims in an attack that exploited CVE-2017-0143, a Windows-based remote code execution (RCE) vulnerability.More news: Tottenham's Dele Alli plans to continue enjoying 'journey'
He argued there should be "a new requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them". It locks up Windows users' computers, and asks for a $300 ransom to unlock them, paid in bitcoin. Criminals used the NSA's leaked EternalBlue vulnerability to attack Windows machines with WannaCry ransomware.
Microsoft ended up distributing the free patch for the older versions on Friday - the day the ransomware was detected.
The WannaCry software is particularly virulent because it doesn't necessarily require users to take any action, like clicking a link or downloading software, to spread; it can also spread automatically through file-sharing systems on networks. Now, Microsoft is putting the blame for this attack directly on the governments who hid security flaws for their own benefit. "So making a payment does not mean you're going to get your data back", said Bossert.More news: Sweden drops prosecution against WikiLeaks founder Julian Assange
"The fact that so many computers remained vulnerable two months after the release of a patch illustrates this aspect. Otherwise they're literally fighting the problems of the present with tools from the past", it said.
Responding to the incident, the company's president and chief legal officer, Brad Smith, criticized the USA government's weaponizing of computer vulnerabilities, the leak of which enabled this attack, and the dangers of not informing tech companies about them. However, as of now, there is no patch for these older operating systems for the EsteemAudit vulnerability.
With more than 3,500 security engineers at the company, Microsoft said, it is fighting cybersecurity threats with constant updates to its Advanced Threat Protection service.More news: Jared Kushner's sister woos China's "golden visa" investors
Smith's statement made no mention of pirated Microsoft software, users of which can not download the security patch.
- Arsenal's Granit Xhaka doubtful for Southhampton clash due to injury
- Oil down as market stays well supplied despite OPEC cuts
- Trump White House enters a new state of denial
- Almodovar and Smith's comments on Netflix at Cannes
- 14th GST council meet starts in Srinagar
- Alibaba reveals $6 billion share buyback as misses EPS forecast
- Iran: New US Sanctions on Missile Work Show 'Ill Will'
- Roadside bomb kills 11; attacks kill 10 Afghan policeman
- CO man expected to be released from prison, arrested by ICE
- Paytm raises USA $1.4 billion from SoftBank