Brad Smith, Microsoft's top lawyer, criticized U.S. intelligence agencies for "stockpiling" software code that can be used by hackers.
On Wednesday security firms Bitdefender and Proofpoint found hackers using the same exploit to spread cryptocurrency-mining malware called Adylkuzz.
"We have seen vulnerabilities stored by the Central Intelligence Agency show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world", wrote Smith in a blog post on Sunday.
The ACLU, meanwhile, urged Congress to pass a law requiring the government to disclose vulnerabilities to companies "in a timely manner", so that they can patch them as soon as possible.
Avivah Litan, a cybersecurity analyst at Gartner, agreed that the government "is negligent not doing a better job protecting companies", but added that it's not like "you can stop the US government from developing cybertools" that then work as intended.
If anything, Microsoft deserves credit for its response to the entire issue.
Microsoft ended up distributing the free patch for the older versions on Friday - the day the ransomware was detected.
Blaming Microsoft for not providing free custom support to customers running old Windows software, support that may have slowed down the "WannaCrypt" attack, a media report said the tech giant charged a fortune for custom support for older versions, including Windows XP, which was discontinued in 2014.
Both hardware and software vendors often fail to account for future security flaws, and they sell firms expensive systems that eventually won't be able to receive patches.
As the technology surrounding the Internet of Things evolves, additional security layers will have to be incorporated in order to mitigate any vulnerabilities arising out of such complex connectivity. WannaCry, however, does not discriminate and has taken over not only general users' computers but also those of large-scale organizations. Afterward, threats are made that the data will be destroyed or made inaccessible if the ransom has not been paid after a set period. Multiple backups also help.
"It's not rocket science", Litan said.
Critical medical computers throughout Britain's National Health Service were affected.
"The operating systems on our computers and software downloads are managed centrally so that regular users can not download executable files from the internet without administrative rights", he said in an email.
Even then, there are a number of precautions that people who insist on running outdated programs can take to greatly increase their security, such as running them in virtual machines, via emulators or behind firewalls, or disconnected from the web entirely.
Whatever the case, this second attack, which went unnoticed for weeks, proves the high degree of sophistication of such programs, first developed by the NSA, which would allow an attacker to easily install and propagate malicious software on computer networks.
He said that private sector companies in the city were regularly hit by ransomware virus attacks in the last five years and that around 70 percent of them were infected. If they are caught, that is.