Microsoft has released a public version of its internal Attack Surface Analyzer tool, which helps organizations identify changes to a system’s attack surface as new applications are added. The tool has been in beta for a few months, but this is the first official release.
The Attack Surface Analyzer is part of the company’s own internal software and application security efforts. It’s part of Microsoft’s Security Development Lifecycle, and it’s meant to address the gaps in security that can arise when an organization installs new applications on a system. Even small changes on a system can lead to unanticipated consequences, including new vulnerabilities and weak spots where attackers might be able to slide in.
“Unlike many tools that analyze a system based on signatures or known vulnerabilities, Attack Surface Analyzer looks for classes of security weaknesses Microsoft has seen when applications are installed on the Windows operating system, and it highlights these as issues. The tool also gives an overview of changes to the system that Microsoft considers important to the security of the platform, and it highlights these changes in the attack surface report. Some of the checks performed by the tool include analysis of changed or newly added files, registry keys, services, Microsoft ActiveX controls, listening ports and other parameters that affect a computer’s attack surface,”Monty LaRue and Jimmie Lee of Microsoft said.
Attack Surface Analyzer isn’t just meant for security professionals or even IT staffs. Microsoft says the tool also can be of use to developers who can see how the code that they’re writing will affect the security of a system. That’s not often something that’s possible for developers during the process of writing an application.
The new version of Attack Surface Analyzer includes both a GUI and a command line interface.
“The tool has a stand-alone wizard to help guide users through the scanning and analysis process; a command-line version supports automation and older versions of Windows, and assists IT professionals as they integrate the tool with existing enterprise management tools,” LaRue and Lee said.