The company stressed that it had seen “no exploitation” ahead of the patch, but though it was “highly likely” that malware writers would use the security hole. Some systems that have Network Level Authentication have a partial defense, since they require credentials before the flaw is usable.

There’s no doubt as to why Microsoft is doing this. WannaCry had a devastating impact on PCs worldwide, including the UK’s health care system, and Microsoft doesn’t want to risk contributing to the issue by leaving systems unpatched. There’s no guarantee that this will avert a crisis, though. Malware like WannaCry tends to spread precisely because companies and institutions are reluctant to update their systems and risk breaking important software — it’ll only be effective if Microsoft can convince customers that the fixes are too important to ignore.