Smith said that Microsoft proposed in February a new "Digital Geneva Convention" that would include a new requirement for governments to report software vulnerabilities to vendors, rather than stockpile, sell or exploit them.
The subject of all of this hassle, the WannaCry worm has affected at least 200,000 Windows machines around the globe since Friday, leading to the disruption of systems from FedEX corp to Britain's National Health Service and even auto factories. Here's a quick look. And while Microsoft said it had already released a security update to patch the vulnerability a month earlier, it would appear that the NSA hadn't told the United States tech giant about the security risk until after it had been stolen.
Currently, there is no permanent fix that could end the wrath of this ransomware, but here are a few pointers that could help you in protecting your Windows PC if it has not been attacked yet.
"Clearly having the vulnerability be in Microsoft software was one of the key elements", said Steve Grobman, chief technology officer of McAfee, a security company in Santa Clara, California. Users of these older Operating systems are advised to upgrade as soon as they can and to turn Windows Update on if it's disabled.
"Users must update the patch MS-17010 provided by Microsoft using the source link http://technet.microsoft.com/en-us/library/security/ms17-010.aspx". This means that most government departments and businesses in the Middle East were closed, possibly averting mass disruption in a region where the use of Windows XP and 2003 operating systems is prevalent. Windows 10 was not affected by the WannaCry attacks. Microsoft says customers should exercise caution when opening mails from unknown persons.
"However, Microsoft made an exception for this current threat and issued patches just for this", added Udhav, noting if the patches were not installed they remain open to the WannaCry threat.
Microsoft has come out in defence of its role in Friday's on-going global cyber-attack, criticising the role of the US National Security Agency in creating tools that were subsequently leaked and then used in Friday's attacks.
The exploit surfaced online back in April with the Shadow Brokers data dump, which Microsoft had already patched on March 14. Case in point, the debit card breach that shook the Indian banking system in October 2016. Users might not be able to do much here. This particular weekend attack is a program called "WannaCry". Zero-day exploits are vulnerabilities, which even the companies have not discovered yet. According to reports, more than 100 systems of the Andhra Pradesh police have been affected by the ransomware.