Finally, someone has the right answer to how to clean a compromised system. So, you didn’t patch the system and it got hacked. What to do?
Is it the one correct answer if you have already been compromised? Three cheers for Jesper M. Johansson, Ph.D., CISSP, MCSE, MCP+I, Security Program Manager at Microsoft, for pointing this out. Maybe.
However, it should be noted (as a security professional whom I respect greatly pointed out to me) that there are many options, other than and in addition to patching, available to prevent system compromise. Here's what my colleague said in email:
“I can't believe they actually published that! While instilling fear and hopelessness, it has no redeeming value and makes MS look bad (by implying a 'justification' for the pain of the patch process). There are other alternatives to cleaning systems and validating what has been altered besides reformatting. Things like Tripwire, regular audits, etc. etc. etc. The real decision is: what is it worth to not have to reformat? Also, you don't need any of the MS patches to prevent a system from being compromised.”
All valid points. I agree on one level or another with everyone here: prevention and planning are worth a ton of cure. But when you have been compromised at the system level (i.e., you did not plan and prevent), you are assuming a fairly large risk if you continue to use the compromised system.
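To make the Tripwire-style "validate what has been altered" option concrete, here is an added example (not code from the post, from Tripwire, or from Microsoft) of a minimal file-integrity baseline and verification pass; the directory tree, file names and tampering it works on are constructed inline, and the key caveat it encodes is the post's own point: the baseline must be taken before compromise and kept off the host, because a baseline read from the compromised system cannot be trusted.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Hypothetical Tripwire-style helper, written for this illustration only.
# The baseline must be built before compromise and stored off the host;
# a baseline read back from the compromised system proves nothing.

def hash_file(path: Path) -> str:
    """SHA-256 of a file, streamed so large binaries do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root: Path) -> dict:
    """Map each regular file (relative POSIX path) under root to its hash and size."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            rel = p.relative_to(root).as_posix()
            baseline[rel] = {"sha256": hash_file(p), "size": p.stat().st_size}
    return baseline

def verify(root: Path, trusted: dict) -> dict:
    """Compare the live tree to a trusted baseline; report changed, added and missing files."""
    current = build_baseline(root)
    changed = sorted(k for k in trusted if k in current
                     and current[k]["sha256"] != trusted[k]["sha256"])
    added = sorted(set(current) - set(trusted))
    missing = sorted(set(trusted) - set(current))
    return {"changed": changed, "added": added, "missing": missing}

def demo() -> dict:
    """Constructed sample: baseline a small tree, tamper with it, then re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "login").write_bytes(b"original login binary")
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")
        # Serialise the baseline as you would when shipping it off-host.
        trusted = json.loads(json.dumps(build_baseline(root)))
        # Simulated post-compromise state: one file replaced, one added, one removed.
        (root / "bin" / "login").write_bytes(b"replaced login binary")
        (root / "etc" / "rc.local").write_text("# unexpected file\n")
        (root / "etc" / "passwd").unlink()
        return verify(root, trusted)
```

Run the comparison from a trusted host (or a known-clean boot medium) against the off-host copy of the baseline; the report then tells you what changed, which is the input to the "is it worth not reformatting?" decision rather than a substitute for it.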