I guess you remember the day back in 2003: I was actually on vacation when I was called in back to the Microsoft offices as we had some strange things going on… It was the day of the Blaster breakout. The first time I personally had to deal with a very severe incident here at Microsoft. So we started to ramp up and tried to deal with what was happening out there. The biggest challenge was at the beginning to bridge the time between the beast hit our customers and everything was popping up in the press and the time we actually knew what was going on – which had to come from the Microsoft Security Response Centre back in Redmond. They did and amazing job but it took them some time as well. At the beginning we were blind and we did not have the same incident response processes back then as we have them today (and as we learned that they are necessary as a post-mortem of Blaster).
So, the teams ramped up and we tried out best to have an incident response team together locally: Support, PR, Sales, me, and whoever we could draw from any not absolutely critical activity. We did our best to keep the hotlines up but this was a mission impossible. Within hours we were flooded… So, we developed some written guidance what to do (and had to translate that into three languages as I was working in Switzerland back then) but still this only helped partially. People started to call our offices in order to get help and we had an overflow to handle there. And last but not least we had consumers walking into our buildings telling the receptionist that they have this thing they heard in the news and that we have to help them to get rid of it – NOW!
And then, after the first few days the customer visits started. I never experienced something like that. Customers were literally screaming at me, telling me what they think about Microsoft and that we did all wrong.
Well, the whole industry came a long way – didn’t it? Trustworthy Computing had a big effect on how software is developed, Security Development Lifecycle has an industry-wide impact, the products themselves grew tremendously looking at how we defend them today… and the industry starts to understand that Patch Management is an important part of the Risk Management processes. Yes, I said deliberately “starts to understand” – there is still an amazing number of customers who still do not even think about patching.
Looking back to 2003:
- Virus alert about the Blaster worm and its variants on microsoft.com
- Worm exploits a widespread Windows vulnerability
and a lot more