Microsoft President Brad Smith says that the vulnerability exploited by WannaCry was something that the NSA had and was using as a weapon.

Smith, who is also chief legal officer, wrote in his bog that this was part of an emerging pattern.

"We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage."

WannaCry software encrypts files and displays a ransom message demanding $300 in bitcoin.

It has attacked hundreds of thousands of computers, security experts say, from hospital systems in the UK and a telecom company in Spain to universities and large companies in Asia.

The malware behind WannaCry was nicked from the NSA in April. And while Microsoft said it had already released a security update to patch the vulnerability a month earlier, it would appear that the NSA hadn't told the US tech giant about the security risk until after it had been stolen.

Two months after Microsoft issued its security patch, thousands of computers were vulnerable to the WannaCry attack. That prompted the company to issue another patch on Friday for older and unsupported operating systems such as Windows XP, allowing users to secure their systems without needing an upgrade to the latest operating software.

The attack, Smith says, "represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today — nation-state action and organized criminal action".

International standards should compel countries not to stockpile or exploit software vulnerabilities, Smith says. He adds that governments should report vulnerabilities like the one at the center of the WannaCry attack.

Governments "need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world," Smith says, urging agencies to "consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits".