In the wake of the WannaCry attack, Cesare Garlati, Chief Security Strategist at prpl Foundation, gives a reason on why Microsoft failed to release the fix for older Windows systems.
Cesare Garlati, Chief Security Strategist at prpl Foundation:
“Most of the vulnerabilities released by the Shadow Brokers affect Microsoft end-of-lifed products. As such MSFT has no commercial interest in fixing any issues. End users should either buy newer versions of these products or depart from the old proprietary software model and embrace open source alternatives. Open source software is always “fresh” and security fixes are released in quasi real time – see for example Linux Debian.”
Cesare also gave comment on the issue of vulnerability hoarding saying:
“In a world of cyber warfare vulnerabilities/exploits are weapons. No surprise governments are stockpiling vast arsenals of cyber weapons – de facto turning IT vendors into the defense contractors of the future. An interesting topic to explore would be at what level IT vendors collude with governments to plant or don’t reveal/fix vulnerabilities in exchange for commercial benefits – i.e. antitrust situations.”