Microsoft Corp. said that the software used in the global cyber assault that began Friday came from code stolen from the U.S. National Security Agency, adding that the attack should serve as a wake-up call for governments over the risks of hoarding such digital weapons for use against their enemies.

The software giant’s statement is the most authoritative confirmation so far of the connection between the Friday attack and the code that appeared to be for cyberattacks and was disclosed in April by an anonymous group called...