Microsoft teams up with NIST to help organizations patch faster than they did after WannaCry

Microsoft and the US government are asking patch management vendors and end-user organizations to share their experiences of swiftly patching security flaws and to explain what they learned from past failures.

Microsoft is encouraging all patch management vendors and Windows customers to reach out to the U.S. National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE) for help solving challenges around patching security flaws in the face of rapidly spreading malware outbreaks.

The joint effort is partly inspired by the devastating NotPetya attack that relied on exploits for the same flaws Microsoft rushed out patches for in response to WannaCry, which happened a few months earlier in May 2017. 

“We were particularly concerned with why patches hadn’t been applied, as they had been available for months and had already been used in the WannaCrypt worm—which clearly established a ‘real and present danger’,” said Mark Simos, a lead cybersecurity architect at Microsoft’s cybersecurity solutions group.  

Microsoft issued patches for the NSA-developed EternalBlue flaws in March 2017 in the security bulletin MS17-010.