WannaCrypt Ransomware Windows Patch: Microsoft Tells Government To Stop Hoarding Security Vulnerabilities
Microsoft responded to the WannaCrypt (WannaCry) ransomware attack that hit computer systems around the world Friday by emphasizing the need for taking precautions to protect against attack and urging governments to stop hoarding exploits for security vulnerabilities.
Brad Smith, Microsoft’s president and chief legal officer, renewed his call for a “Digital Geneva Convention” in a blog post about the WannaCrypt attack and warned governments around the world to treat the attack as a wake-up call.
Smith also noted that Microsoft released a patch nearly two months prior for the very vulnerability the WannaCrypt ransomware exploited, but a failure to install the patch left hundreds of thousands — if not millions — of computers around the world vulnerable.
Microsoft pushed out additional emergency patches for older systems — including machines running Windows XP, which hadn’t received an update since 2014 — to combat the global attack.
But the company’s president insisted Microsoft and its team of security experts can’t protect everyone without some participation from users as well.
“This attack demonstrates the degree to which cybersecurity has become a shared responsibility between tech companies and customers,” Smith said. “As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems.”
It was not a security patch but a 22-year-old security researcher who was able to stop the attack, after discovering a “kill switch” domain that, when online, would stop the spread of the ransomware.
While Microsoft called for more participation from users and companies to keep their systems up to date and protected, it also called for governments to stop stockpiling security vulnerabilities as weapons.
In the case of the WannaCrypt attack, a tool developed by the U.S. National Security Agency was used to spread the ransomware to unpatched computer systems around the world. That tool was stolen and made available by the Shadow Brokers, a hacking group that has released several caches of files from the government agency.
Microsoft said the hoarding of exploits just puts users at risk when the vulnerabilities aren’t disclosed — especially when that information is stolen or leaked and made available for hackers to use freely with no protections in place.
“An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen,” Smith said. “The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world.”
Smith reiterated Microsoft’s belief that there needs to be a “Digital Geneva Convention” to help regulate actions in cyberspace. The company also pushed for a requirement for governments to disclose exploits so companies can protect users, rather than allowing the vulnerability to exist without a fix in place and putting more people at risk.
© Copyright IBTimes 2024. All rights reserved.