So Microsoft had a bug in their systems. Many of their sytems. For many years. That happens. People write code. These people write bugs
Microsoft over the years has become decently good with fixing bugs and rolling out upgrades, quickly. That’s apparently important, because we all are not good enough at not writing bugs. So if we cannot prevent them, we need to be able to fix them and then bring these fixes to the people. All of them.
The NSA found a bug. They called it ETERNALBLUE and they have been using it for many years to compromise systems.
In order to be able to continue doing that they kept the bug secret. That did not work. The bug is now MS17-010 or a whole list of CVE-entries.
The NSA told MS about the bug when they learned that it had leaked, but not before. Microsoft patched the bug in March 2017, even for systems as old as Windows XP (which lost all support in 2014), but many people did not install the patch.
The result is “the largest cyberattack in the world”.