In an interview with Computer Weekly, Stuart Okin, Microsoft's chief security officer, acknowledged that the current patching cycle, which puts pressure on businesses to roll out patches immediately, was less than ideal.
"The solution is not necessarily to install patches quickly but to develop operating systems that can block suspicious behaviour and dynamically change their state. This is what we are working towards," he said.
Products with this capability to detect and block worms are likely to be available in one to two years, either as add-ons to Windows or built into the operating system.
Okin revealed that Microsoft is experimenting with ways to improve the testing of patches before they are released.
Although the company is working with ISPs and selected users to test the impact of patching, Okin ruled out beta testing patches with closed groups of users. He argued that there was a strong risk that pre-release patches would find their way into the hands of hackers; a patch in circulation before general release can be reverse-engineered to reveal the flaw it fixes while most systems are still unprotected.
Microsoft sought to play down complaints from businesses that the MS04-011 patch, which is required to protect systems from the Sasser worm, contained bugs that caused computer systems to crash.
"There are some specific scenarios where people have run into problems with MS04, but they are all documented. They are not common scenarios," said Okin.
Microsoft invoked emergency plans over the bank holiday weekend, calling in extra people to man call centres and phoning key customers to warn them about the Sasser worm.
Most big businesses escaped unscathed, but smaller firms were affected, Okin said. In many cases, he added, small businesses were hit because they had not installed firewalls.