Microsoft now says it will make the fixes free for everyone.
"We can certainly expect follow-on attacks".
The attack crippled more than 200,000 computers around the world.
Experts say it will be hard for them to replicate the conditions that allowed the so-called WannaCry ransomware to proliferate across the globe. And that's for a simple reason: Individuals and organizations alike are fundamentally awful about keeping their computers up-to-date with security fixes.
The attackers exploited a perfect storm of factors - the Windows hole, the ability to get ransom paid in digital currency, poor security practices - but it's unclear if the payoff, at least so far, was worth the trouble. That program spread much more quickly than expected, soon choking and crashing machines across the internet.
Seventy-five per cent paid the ransom when targeted before, or instead of, contacting authorities or cybersecurity firms for assistance, compared with the global average of 40 per cent, according to a study sponsored by cybersecurity firm Malwarebytes and conducted by Osterman Research. With ransomware, criminals typically trick individuals into opening an email attachment containing malicious software. The kill switch is said to have prevented the attacks from spreading, saving millions of computers from being affected. The hackers exploited software code from the National Security Agency that leaked online.
Microsoft released a security patch for the vulnerabilities in March. WannaCry exploited common techniques employees use to share files via a central server.
"Technology companies owe their customers a reliable process for patching security vulnerabilities", he said. But that's complicated, because hackers need to find security flaws that are unknown, widespread and relatively easy to exploit.
The malware behind WannaCry (also called WannaCrypt, Wana Decryptor or WCry) was reported to have been stolen from the NSA in April.
The virus, nicknamed WannaCry, infects Windows computer systems that have not received the latest security update. But infections could still linger as low-grade outbreaks that flare up from time to time. The company rates the update as "critical" for supported Windows releases.
Conficker was more of a pest and didn't do major damage.
Last Friday's outbreak of the WannaCry ransomware infected hundreds of thousands of computers worldwide, including thousands at United Kingdom hospitals. But attackers can, and probably will, simply develop a variant to bypass this countermeasure.
Security researchers have already deployed failsafe measures to prevent further damage from this software. "Talk about a wake-up call", Hypponen said.
This extends to not grumbling when your system administrator at work takes the network down periodically to update systems, which usually includes installing new software and software patches.
"It's one of those things, in an ideal world, if people were up to date on the patches, this wouldn't be a problem", O'Leary said. "Part of what an organization needs to understand and assess is what those two risks are".
A number of popular websites like Amazon and Netflix were down for some users on Friday morning in what appears to be a massive DDoS attack.
In an unusual step, the company issued a new patch for older Windows versions on May 12 after reports emerged of the far-ranging WannaCry attack.
Microsoft should know that there are people, small businesses, schools and hospitals that still use older versions of Windows, such as XP (which came out in 2001).
Labour's shadow health secretary, Jonathan Ashworth, in a letter to Health Secretary Jeremy Hunt, said concerns were repeatedly flagged about outdated computer systems.