The company goes on to note that it released an update in March that should protect against this vulnerability automatically (Microsoft Security Bulletin MS17-010).
In April, a group known as Shadow Brokers leaked NSA tools that were used to attack and break into Windows computers. As of today, it had spread to over 150 countries and reached more than 200,000 victims in an attack that exploited CVE-2017-0143, a Windows-based remote code execution (RCE) vulnerability.More news: Sunderland goalkeeper can succeed De Gea says Manchester United legend
He argued there should be "a new requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them". It locks up Windows users' computers, and asks for a $300 ransom to unlock them, paid in bitcoin. Criminals used the NSA's leaked EternalBlue vulnerability to attack Windows machines with WannaCry ransomware.
Microsoft ended up distributing the free patch for the older versions on Friday - the day the ransomware was detected.
The WannaCry software is particularly virulent because it doesn't necessarily require users to take any action, like clicking a link or downloading software, to spread; it can also spread automatically through file-sharing systems on networks. Now, Microsoft is putting the blame for this attack directly on the governments who hid security flaws for their own benefit. "So making a payment does not mean you're going to get your data back", said Bossert.More news: Roadside bomb kills 11; attacks kill 10 Afghan policeman
"The fact that so many computers remained vulnerable two months after the release of a patch illustrates this aspect. Otherwise they're literally fighting the problems of the present with tools from the past", it said.
Responding to the incident, the company's president and chief legal officer, Brad Smith, criticized the USA government's weaponizing of computer vulnerabilities, the leak of which enabled this attack, and the dangers of not informing tech companies about them. However, as of now, there is no patch for these older operating systems for the EsteemAudit vulnerability.
With more than 3,500 security engineers at the company, Microsoft said, it is fighting cybersecurity threats with constant updates to its Advanced Threat Protection service.More news: Edouard named as French premier
Smith's statement made no mention of pirated Microsoft software, users of which can not download the security patch.
- Lakers Rumors: Possible trade packages for the second overall pick
- YouTube in the living room now supports 360-degree video
- FCC security manhandles a Washington reporter trying to ask a question
- Former senator Joe Lieberman said to lead pack for new Federal Bureau of Investigation director
- Trump approval at lowest level since inauguration
- Sweden drops prosecution against WikiLeaks founder Julian Assange
- 14th GST council meet starts in Srinagar
- Stanley Cup playoffs: Josi's late goal gives Predators 2-1 series lead
- Paytm raises USA $1.4 billion from SoftBank
- CO man expected to be released from prison, arrested by ICE