CATEGORIES
home News

Microsoft Blames Government Stockpiling Of OS Exploits For Global WannaCrypt Outbreak

by Rob WilliamsMonday, May 15, 2017, 02:38 PM EDT

Last Friday, we reported on a major cyberattack involving ransomeware that hit a large number of computers - including some belonging to the UK's National Health Service. At first, the malware's reach wasn't too clear, but as the weekend went on, we learned that the number of affected PCs reached at least 200,000 worldwide. Given the nature of this beast, that is downright terrifying.

Wanna Decryptor Malware

The big question right now is, "Who's at fault?" The blame could easily be shifted to Microsoft, as the bug that allowed this to happen was directly attributed to its own code. While the company is to be commended for releasing a rare Windows XP patch to help squash the bug, it comes a bit too late. Microsoft knew about this vulnerability since at least March, and given that it seems a huge number of affected PCs were running outdated versions of Windows, the company could have been proactive and issued an emergency patch before it was too late.

Microsoft, however, is placing the blame on the US government and its National Security Agency. While the bug existed in Windows, the tool was developed in-house at the NSA, and then stockpiled along with a trove of other exploits. The NSA knew about the potential of this exploit long before Microsoft or the public did, but chose to keep it close to its chest rather than report it. The NSA clearly didn't want the bug fixed; it wanted to exploit it.

Windows XP
Windows XP received a belated patch to defend against Wanna Decrypter

Some might believe that it'd be a-OK for the NSA to store these exploits as long as they don't make their way out of the agency, but this debacle was the direct result of a leak. The NSA might boast about its defenses, but the fact of the matter is, we've seen exploits and documents trickle out of the agency on multiple occasions.

Microsoft President and Chief Legal Officer Brad Smith likens an exploit like Wanna Decrypter leaking out to the US military having some of its Tomahawk missiles stolen. If that sounds outlandish, ponder the fact that a staggering 200,000 computers have been infected with malware that demands $300 worth of Bitcoin to clear; otherwise, data is gone. It wasn't only user PCs affected here, it was hospitals. If the NSA hadn't developed a tool to exploit the issue, or had notified Microsoft of the issue when it was first discovered, those 200,000 (and counting) PCs wouldn't have been compromised.

In the span of just a few short days, we've really received our biggest wake-up call ever that computer security today is not where it needs to be.

Tags:  Microsoft, Windows, vulnerability, exploit, (nasdaq:msft), wannacry
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment