Two days after a National Security Agency-derived ransomware worm infected 200,000 computers in 150 countries, Microsoft on Sunday criticized the stockpiling of exploits by government spies, warning it results in damage to civilians.
The unusually blunt message from Microsoft President and Chief Legal Officer Brad Smith came after a weekend of tense calm, as security professionals assessed damage from Friday’s outbreak and braced themselves for the possibility of follow-on attacks that might be harder to stop. It also came 24 hours after Microsoft took the highly unusual step of issuing patches that immunize Windows XP, 8, and Server 2003, operating systems the company stopped supporting as many as three years ago.
Sunday’s salvo tacitly noted the NSA’s key role in Friday’s attack, which copied almost verbatim large sections of two highly advanced hacking tools that were stolen from the NSA and leaked to the world at large last month by a mysterious group calling itself Shadow Brokers. In the post, Smith wrote: