Microsoft has issued a blistering attack on the US government after a software vulnerability stockpiled by the National Security Agency (NSA) and later stolen by hackers paralysed NHS hospitals and thousands of other organisations.
The firm’s chief legal officer likened the theft of the vulnerability, which NSA engineers developed in secret to target Windows computers, to the theft of US military missiles.
Brad Smith wrote in a blog: “We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world.
“Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.”
Smith added that Microsoft was once again calling for a “Digital Geneva Convention” to urge governments to report vulnerabilities to software firms, rather than storing them so they can break into computers.
In March, just weeks before the agency’s cache of exploits were stolen and leaked online, Microsoft patched the flaw in its Windows operating system. But not all users updated their software, leaving their computers vulnerable to the ransomware when the virus started spreading on Friday.
The NHS was arguably dealt the biggest blow as the WannaCry ransomware infected computers in more than 70 countries around the world.
Hospitals and GP surgeries were forced to turn away patients as the ransomware seized control of computers.
The virus locked down thousands of devices, demanding the equivalent of $300 in bitcoin as ransom, before a 22-year-old accidentally stalled its spread.
It was feared that a second wave of cyber attacks would strike the NHS on Monday as staff returned to work and turned on their computers. But health secretary Jeremy Hunt has said such fears have not materialised.