Completing the plot
So this story seems to complete the suspicions that it was in fact MS who released this attack code which UNINTENTIONALLY hit NHS. The timeline shows it:
Feb2017: Vulnerability and leak of those nasty tools was reported.
May2017: Patch was released by MS
Jun2017: Patch for XP (which was an already unsupported OS at that time) was released
Aug2017: Marcus Hutchins, guy who created a patch to stop WannaCry was jailed during DefCon.
end result: £150m cash for MS with this Win10 upgrade.