Share this article

Latest news

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

Microsoft criticizes governments stockpiling software vulnerabilities following WannaCrypt ransomware attack

3 min. read

Published onMay 15, 2017

published onMay 15, 2017

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Last Friday, a global ransomware attack caught the world by surprise as the malicious “WannaCrypt” worm was targeting Windows-based machines across the world. Since then, the worm has spread toclose to 200,000 PCs worldwide, affecting utility companies and health services including the UK’s National Health Service (NHS).

Though Microsoft released a security update in March to patch the vulnerability on modern versions of Windows, the company quickly released another security update this weekend toaddress the security exploit on Windows XP, 8 and Server 2003. Since then, Microsoft’s Chief Legal Officer explained in ablog postyesterday that this latest cyberattack should be a wake-up call for governments, organizations, and consumers.

“This attack is a powerful reminder that information technology basics like keeping computers current and patched are a high responsibility for everyone, and it’s something every top executive should support,” explained Smith. But more importantly, the Chief Legal Officer criticized governments for stockpiling software vulnerabilities instead of reporting them to vendors. Because yes, the Wannacrypt worm is based on an NSA exploit codenamed “EternalBlue,” which was recently released on the Internet by a hacker group called the Shadow Brokers. Smith added:

This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.

Drawing a comparison with the international rules that apply to conventional weapons, Smith is urging governments to act more responsibly with what are basically cyber weapons. “We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits,” he explained. “This is one reason we called in February for a new“Digital Geneva Convention”to govern these issues, including a new requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them.”

As of today, the world is still figuring out if the worst is now behind us or if we should expect new attacks based on modified versions of the Wannacrypt worm. Smith said that Microsoft has been “working around the clock since Friday to help all our customers who have been affected by this incident,” and we’ll let you know if we learn anything new about the cyberattack.

Radu Tyrsina

Radu Tyrsina has been a Windows fan ever since he got his first PC, a Pentium III (a monster at that time).

For most of the kids of his age, the Internet was an amazing way to play and communicate with others, but he was deeply impressed by the flow of information and how easily you can find anything on the web.

Prior to founding Windows Report, this particular curiosity about digital content enabled him to grow a number of sites that helped hundreds of millions reach faster the answer they’re looking for.

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Δ

Radu Tyrsina