Brad Smith, president and chief legal officer of Microsoft, said regarding WannaCrypt ransomware which was negligently lost by the NSA, with its former name being EternalBlue:
"Second, this attack demonstrates the degree to which cybersecurity has become a shared responsibility between tech companies and customers. The fact that so many computers remained vulnerable two months after the release of a patch illustrates this aspect. As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems. Otherwise they’re literally fighting the problems of the present with tools from the past. This attack is a powerful reminder that information technology basics like keeping computers current and patched are a high responsibility for everyone, and it’s something every top executive should support."
In truth, many Windows 7 and 8.1 customers would have been fully patched if Microsoft had not tried to shove Windows 10 down everyone's throat by using tactics many considered to be akin to malware. Many users changed their Windows Update setting to "Never check for updates" to avoid being moved to Windows 10.
Microsoft doubled-down on user-hostile interfaces with its elimination of security bulletins, which many users depended upon to understand if an update should be accepted, not to mention combining many unrelated updates into one bundle, forcing users to either accept or reject everything.
By the way, Linux isn't affected by WannaCrypt.