SEATTLE — When malicious software first became a serious problem on the internet about 15 years ago , most people agreed that the biggest villain , after the authors of the damaging code , was Microsoft . As a new cyberattack continues to sweep across the globe , the company is once again at the center of the debate over who is to blame for a vicious strain of malware demanding ransom Attack.Ransom from victims in exchange for the unlocking of their digital files . This time , though , Microsoft believes others should share responsibility for the attack , an assault that targeted flaws in the Windows operating system . On Sunday , Brad Smith , Microsoft ’ s president and chief legal officer , wrote a blog post describing the company ’ s efforts to stop the ransomware ’ s spread , including an unusual step it took to release Vulnerability-related.PatchVulnerability a security update for versions of Windows that Microsoft no longer supports . Mr. Smith wrote , “ As a technology company , we at Microsoft have the first responsibility to address Vulnerability-related.PatchVulnerability these issues. ” He went on , though , to emphasize that the attack had demonstrated the “ degree to which cybersecurity has become a shared responsibility between tech companies and customers , ” the latter of whom must update their systems if they want to be protected . He also pointed his finger at intelligence services , since the latest vulnerability appeared to have been leaked from the National Security Agency . On Monday , a Microsoft spokesman declined to comment beyond Mr. Smith ’ s post . Microsoft has recognized the risk that cybersecurity poses to it since about 2002 , when Bill Gates , the former chief executive , issued a call to arms inside the company after a wave of malicious software began infecting Windows PCs connected to the internet . “ As software has become ever more complex , interdependent and interconnected , our reputation as a company has in turn become more vulnerable , ” Mr. Gates wrote in an email to employees identifying trustworthy computing as Microsoft ’ s top priority . “ Flaws in a single Microsoft product , service or policy not only affect Vulnerability-related.DiscoverVulnerability the quality of our platform and services overall , but also our customers ’ view of us as a company. ” Since then , the company has poured billions of dollars into security initiatives , employing more than 3,500 engineers dedicated to security . In March , it released Vulnerability-related.PatchVulnerability a software patch that addressed Vulnerability-related.PatchVulnerability the vulnerability exploited by the ransomware , known as WannaCry , protecting systems such as Windows 10 , its latest operating system . Yet security flaws in older editions of Windows persist . The company no longer provides Vulnerability-related.PatchVulnerability regular software updates to Windows XP , a version first released in 2001 , unless customers pay for “ custom support , ” a practice some observers believe has put users at risk . Late Friday , Microsoft took the unusual step of making patches Vulnerability-related.PatchVulnerability that protect older systems against WannaCry , including Windows XP , free . “ Companies like Microsoft should discard the idea that they can abandon people using older software , ” Zeynep Tufekci , an associate professor at the school of information and library science at the University of North Carolina , wrote in a New York Times opinion piece over the weekend . “ The money they made from these customers hasn ’ t expired ; neither has their responsibility to fix defects. ” But security experts challenged that argument , saying that Microsoft could not be expected to keep updating old software products indefinitely . Providing Vulnerability-related.PatchVulnerability updates to older systems could make computers more insecure by removing an incentive for users to modernize , Mikko Hypponen , the chief research officer of F-Secure , a security firm . “ I can understand why they issued Vulnerability-related.PatchVulnerability an emergency patch for XP after WannaCry was found , but in general , we should just let XP die , ” Mr. Hypponen said .