In the letter, released Monday afternoon, the Virginia senator asks Homeland Security Secretary John Kelly and Office of Management and Budget Director Mick Mulvaney what steps they took to ensure that the patch Microsoft issued in March was promptly applied to computer networks of federal agencies and their contractors.

A DHS official told CyberScoop that some federal agencies were able to use new capabilities under the government-wide Continuous Diagnostic and Monitoring, or CDM, program to scan their systems and identify any potentially vulnerable machines on their networks.

The situation appears to be “a major, long-term economic problem when costly, critical systems with double-digit expected lifespans are supported by software only expected to be supported for four or five years,” Warner wrote.