mishtalk.com / Mike “Mish” Shedlock / May 14, 2017
A Microsoft blog post on Lessons From Last Week’s Cyberattack blasted the NSA and the CIA for for “stockpiling vulnerabilities” to exploit them rather than report them to Microsoft to be fixed.
The blast was well deserved. In its blog, Microsoft also discusses “shared responsibility” of users not keeping up to date with software. I certainly agree on that point, but there is no excuse for US government agencies to seek out these vulnerabilities and use them without reporting them.
Early Friday morning the world experienced the year’s latest cyberattack.
Starting first in the United Kingdom and Spain, the malicious “WannaCrypt” software quickly spread globally, blocking customers from their data unless they paid a ransom using Bitcoin. The WannaCrypt exploits used in the attack were drawn from the exploits stolen from the National Security Agency, or NSA, in the United States. That theft was publicly reported earlier this year. A month prior, on March 14, Microsoft had released a security update to patch this vulnerability and protect our customers. While this protected newer Windows systems and computers that had enabled Windows Update to apply this latest update, many computers remained unpatched globally. As a result, hospitals, businesses, governments, and computers at homes were affected.
The post Microsoft Blasts NSA, CIA for “Stockpiling Vulnerabilities”: Criminal Negligence by NSA? appeared first on Silver For The People.