The Blaster School of Hard Knocks
Microsoft learned a lot from the Blaster worm that blasted onto the scene last month. But it could have learned more.

Thanks to Blaster, the Redmond software giant has come to realize:

But school's not out for Microsoft on Blaster. There are a few lessons that Redmond seemingly hasn't taken to heart.

For one, PSS needs a better emergency plan. Microsoft Product Support Services (PSS) officials have devised an emergency security plan for virulent viruses, worms and other kinds of attacks. And, at least publicly, the PSS execs are claiming it worked well in the case of Blaster.
But our sources tell us that during the first two days that Blaster hit, XP support queues had more than 800 calls waiting at any one time. Based on the queue backlog, more than 40,000 calls for help were placed to PSS the first two days Blaster hit, our sources estimate. (Microsoft won't comment on these figures.) On the toll-free support line during the first week Blaster hit, users were waiting an average of an hour-and-a-half to reach a PSS rep. There were such long wait times and backlogs that the Windows client group had to seek out volunteers among the Windows development and test teams to help offload the PSS folks.

Secondly, Microsoft needs to take its own patching medicine. I have it on pretty good authority that even though Microsoft made the security patch that could have headed off Blaster available weeks before the worm hit, it didn't patch all of its own servers inside the company. I've heard 47 servers running Microsoft's Passport Internet-authentication software had to be taken down on August 12 (day two of Blaster) for "emergency maintenance." You may recall that Microsoft failed to patch a number of its own servers against the SQL Server Slammer worm back in January, exacerbating the effects of the attack. Wasn't once enough?

What's your take? Is Redmond finally on the right course, in terms of getting its patching story in order? Or are there other lessons Microsoft needs to learn before it can do right by its customers on the security front? Write me at mswatch@ziffdavis.com and let me know what you think.

