December 9, 2016

Microsoft releases Attack Surface Analyzer 1.0

(LiveHacking.com) — Microsoft’s Attack Surface Analyzer has come out of beta with the official release of V1.0. The tool, which Microsoft first released as a beta in January, is designed to help developers better understand changes to the attack surface in a Windows machine due to the installation of new applications.

A system’s attack surface is the set of exposed entry points through which a hacker can enter the system and potentially cause damage. The attack surface includes user input fields, protocols, interfaces, and software services; the smaller the surface, the more secure the system.

By highlighting the changes in system state, runtime parameters and securable objects, developers can see any increases in the attack surface caused by installing applications on a machine. The tool checks for a variety of changes including newly added files, registry keys, services, ActiveX Controls, listening ports and access control lists. Any of these things can increase a computer’s attack surface.
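The before-and-after comparison described above can be illustrated with a short PowerShell sketch. This is an added example, not Attack Surface Analyzer itself or its command-line interface; the function names, the `baseline.xml` file name and the `C:\Program Files\ExampleApp` path are assumptions, and it covers only services, listening TCP ports, files and file ACLs.

```powershell
# Added illustration only: this is not Attack Surface Analyzer or its CLI.
# It captures a subset of the state the article lists (services, listening
# TCP ports, files and their ACLs under one directory) and diffs two captures.

function Get-SurfaceSnapshot {
    param(
        # Assumed install location to watch; point it at the real target directory.
        [string]$WatchPath = 'C:\Program Files\ExampleApp'
    )
    $files = @(Get-ChildItem -LiteralPath $WatchPath -Recurse -File -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        Services = @(Get-Service | ForEach-Object { $_.Name })
        Ports    = @(Get-NetTCPConnection -State Listen |
                       ForEach-Object { '{0}:{1}' -f $_.LocalAddress, $_.LocalPort } |
                       Sort-Object -Unique)
        Files    = @($files | ForEach-Object { $_.FullName })
        # Path plus SDDL string: a changed ACL on an existing file shows up as a new entry.
        Acls     = @($files | ForEach-Object {
                       '{0}|{1}' -f $_.FullName, (Get-Acl -LiteralPath $_.FullName).Sddl })
    }
}

function Compare-SurfaceSnapshot {
    param($Baseline, $After)
    foreach ($category in 'Services', 'Ports', 'Files', 'Acls') {
        # Hash set of everything present at baseline, for fast membership tests.
        $known = [System.Collections.Generic.HashSet[string]]::new([string[]]@($Baseline.$category))
        foreach ($item in @($After.$category)) {
            if (-not $known.Contains($item)) {
                [pscustomobject]@{ Category = $category; Added = $item }
            }
        }
    }
}

# Typical sequence (run from an elevated prompt so all listeners and ACLs are readable):
# Get-SurfaceSnapshot | Export-Clixml baseline.xml      # before installing
# ... install the application under review ...
# $baseline = Import-Clixml baseline.xml
# Compare-SurfaceSnapshot -Baseline $baseline -After (Get-SurfaceSnapshot) | Format-Table -AutoSize
```

Each row of the output is one item that exists after the install but not in the baseline; a new file appears under both `Files` and `Acls`, while an existing file whose permissions changed appears under `Acls` only.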

New for version 1.0 are performance enhancements, bug fixes and improvements to reduce the number of false positives.  This release also includes in-depth documentation and guidance to improve ease of use.  The tool has a stand-alone wizard to help guide users through the scanning and analysis process. There is also a command-line version to help IT professionals integrate the tool with existing enterprise management tools.

Summary

The Attack Surface Analyzer enables:

  1. Developers to view changes in the attack surface resulting from the introduction of their code onto the Windows platform
  2. IT Professionals to assess the aggregate attack surface change caused by the installation of an organization’s line of business applications
  3. IT Security Auditors to evaluate the risk of a particular piece of software installed on the Windows platform during threat risk reviews
  4. IT Security Incident Responders to gain a better understanding of the state of a system’s security during investigations (if a baseline scan was taken of the system during the deployment phase)