"We should never underestimate it", Choi said.
In the attack, hackers demand payment from victims in bitcoins to regain access to their encrypted computers. The malware primarily targeted users of Windows XP, which was launched by Microsoft in 2001.
Smith said the malicious WannaCrypt software "were drawn from the exploits stolen from the National Security Agency". "That theft was publicly reported earlier this year". The NSA did not immediately return a request for comment. If confirmed, it would be the first time cyber criminals had obtained an NSA cyber tool and used it for criminal purposes.
As a new cyber attack continues to sweep across the globe, the company is once again at the center of the debate over who is to blame for a vicious strain of malware demanding ransom from victims in exchange for the unlocking of their digital files.
That malware also is believed to have been captured by hackers.
On top of that, critics say, the government didn't notify companies like Microsoft about the vulnerabilities quickly enough.
The largest number of WannaCry attacks occurred in Russian Federation and Ukraine. We have seen vulnerabilities stored by the Central Intelligence Agency show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world.
"The governments of the world should treat this attack as a wake-up call". "Software updates and security patches are pushed to us as needed so that we are using the most current approved versions of software on our computers".
On top of that, the NSA would likely be able to claim that it is shielded from liability under the doctrine of sovereign immunity, which says that the government can not be sued over carrying out its official duties.
Malware requests payment in Bitcoins because they are safe, and can not be tracked by cyber security researchers or law enforcement agencies.
Bossert, the White House homeland security adviser, defended the government's handling of known security vulnerabilities.
"As software has become ever more complex, interdependent and interconnected, our reputation as a company has in turn become more vulnerable", Gates wrote in an email to employees identifying trustworthy computing as Microsoft's top priority. "That's something that we do when we know of the vulnerability, not when we know we lost the vulnerability".
Udhav said WannaCry is one of the viruses which exploits this vulnerability adding,"No operating system is completely secure be it Windows, Mac or Linux or others, but there are certain OSs that are more susceptible to such attacks due to their popular usage and subsequent research carried on them". If using Windows, don't disable automatic Windows updates. There are almost 150 million computers running Windows XP operation system globally.
According to the company, "customers who are running supported versions of the operating system (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, Windows 10, Windows Server 2012 R2, Windows Server 2016) will have received the security update MS17-010 in March".
While businesses that failed to update Microsoft's Windows-based computer systems could be sued over lax cyber security, Microsoft itself enjoys strong immunity from lawsuits. Brad Smith, Microsoft's top lawyer, criticized US intelligence agencies for "stockpiling" software code that can be used by hackers. The illegal software can not be easily updated.
The source of the attack is a worrisome issue for the USA government because the software is based on cyber-tools developed by the National Security Agency (NSA).
"Alleged" because, in April, a group called the Shadow Brokers released hacking tools that "they said" they got from the NSA.