Report Alleges Microsoft Delayed Releasing Crucial WannaCry Patch, Risking Security

The devastating blows from the WannaCry ransomware attacks are becoming a fading memory. However, it’s high time we brought critical scrutiny to whether the harms could have been lessened or even completely avoided. In this context, Microsoft’s actions are of particular interest, primarily due to the fact that a vulnerability in its Windows operating system was the key exploit used in the attacks.

In response to the rising storm, Microsoft had issued a security patch in March itself, urging users to promptly update their software to remain shielded from threats. However, a recent report by the Financial Times has questioned this sequence of events. The report insinuates that Microsoft may have delayed the release of a free update for machines still operating on the older Windows XP system, forcing users to pay up to $1,000 a year for custom support instead.

Interestingly, as the attacks picked up speed, Microsoft rushed to release a free patch for Windows XP. By the time this ‘rescue operation’ was in action, however, countless users had been locked out of their systems, and were being extorted for a $300 ransom to regain control. This episode has been cleverly leveraged by Microsoft as an opportunity to convince businesses to upgrade to their more secure Windows 10 platform. However, many businesses remain hesitant to disrupt their workflow by introducing new software environments.

Considering the magnitude of the problem, it’s useful to keep in mind that about 90 percent of computers in the British National Health Service (NHS) run on Windows XP. Furthermore, it is no secret that NHS was one of the organizations worst hit by the WannaCry ransomware. Analytics firm StatCounter estimates that around 5.26 percent of Windows PCs were still using XP as of April 2017. A differing view from Net Applications puts the number at roughly 7 percent. Whichever the perspective, it all boils down to an alarming figure: around 79 million computers out of the approximate 1.5 billion machines running Windows globally.

In the grand scheme of things, the crux of the matter becomes apparent – could Microsoft have done more to prevent this large-scale invasion of privacy and financial extortion? Although the onus is also on the users to stay updated and apply patches as soon as they’re released, particularly for businesses, one can’t help but wonder about the sheer number of patient records in the NHS that may have been compromised due to this oversight.

This brings us back full circle to where we began. While the initial shock from the WannaCry crisis may have subsided, it’s sobering to remember that other versions have since emerged, proving harder to detect. Ultimately, as the age-old maxim advises us – the best offense is a good defense.