Correction fixed in March 2017, Not 2016.
This bug was well documented, widely publicised, and as I said, fixed via an OS update over a year ago. What this incident makes abundantly clear is the level of bureaucratic/technical incompetence which exists in IT departments around the world.
No where did I imply we should “trust” intelligence agencies,
but their primary responsibility is to take full advantage of vulnerabilities for intelligence purposes, and secure critical government infrastructure, not to act as cybercops protecting the rest of us.
In fact, we don’t need cybercops so much as policies and laws which punish institutions for failing to follow minimum security measures like routinely installing OS patches, administratively blocking the unauthorized installation of code on any networked PC, maintaining unconnected database backups, and instituting two factor authentication for authorized users. Not to mention blocking users access to social media and common consumer sites. Those simple steps prevent the installation of just about all viruses and malware.
A discussion of exactly what our government’s role should be when it comes to personal cyber-security is entirely appropriate, but that conversation is entirely separate from the discussion of the proper role of our intelligence services.