Microsoft and NSA together made good hole (not necessary made from scratch, but made sure not to allow any modifications and improvements) in SMB v1 implementation that was used to infect computers of people NSA was interested in.

Yet set of NSA tools leaked, and someone made thing called Wana decrypt0r 2.0.

Interesting thing is that Microsoft accidently showed amazing speed they can making updates:-)

To have your hard drive encrypted all you need is not have latest updates and have 445 port exposed (any infected machine in local network also can act as source of infection).

And, btw Windows XP, Windows Server 2003 SP3, WHS do not receive any security updates for a while. For Windows XP hack exist to allow some updates installation by making it think that it is OS for POS devices.

http://www.infoworld.com/article/3191897/microsoft-windows/more-shadow-brokers-fallout-doublepulsar-zero-day-infects-scores-of-windows-pcs.html