After software vulnerabilities exploited and leaked by the NSA were used by cyber criminals to infect as many as 200,000 Windows PCs with ransomware over the last three days, Microsoft has criticized government agencies for concealing those flaws.
One particular vulnerability in Windows, leaked by a shady crew called Shadow Brokers, was used by the WannaCry hackers to give their ransomware a worm feature, allowing it to spread between vulnerable PCs silently and at speed.
That flaw was exploited by a tool called EternalBlue and patched by Microsoft in mid-March, but those who did not apply the update were still open to attack, resulting in the mammoth attack starting Friday that infected 48 UK National Health Service trusts, FedEx, Telefonica, Renault and Nissan car manufacturing plants, US universities, Russian governments and Chinese ATMs, among many other systems across 150 countries, Bloomberg reported.
Microsoft president and chief legal officer, Brad Smith, said by keeping software weaknesses secret, vendors are left in the dark, can't issue updates and their customers are left vulnerable to attacks such as the one that exploded this weekend. Smith compared the leak of NSA exploits to the theft of missiles from the American military, pointing to the WikiLeaks dump of CIA hacking tools.
"An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen.” Smith wrote in a blog post published on Sunday.
Add new comment
Read our comment policy before posting your viewpoints