Microsoft recently announced the release of Attack Surface Analyzer 1.0, which was first made available in beta last year. “The purpose of this tool is to help software developers, Independent Software Vendors (ISVs) and IT Professionals better understand changes in Windows systems’ attack surface resulting from the installation of new applications,” Microsoft’s Monty LaRue and Jimmie Lee wrote in a blog post.
“The Attack Surface Analyzer is part of the company’s own internal software and application security efforts,” writes Threatpost’s Dennis Fisher. “It’s part of Microsoft’s Security Development Lifecycle, and it’s meant to address the gaps in security that can arise when an organization installs new applications on a system. Even small changes on a system can lead to unanticipated consequences, including new vulnerabilities and weak spots where attackers might be able to slide in.”
“The tool does not analyze a system based on signatures or known vulnerabilities — instead, it looks for classes of security weaknesses as applications are installed on the Windows operating system,” Help Net Security reports.
“The tool scans for classes of known security weaknesses that can be introduced by the files, registry keys, services, Microsoft ActiveX controls and other parameters created or changed by new applications,” writes PCWorld’s Lucian Constantin. “It can identify executable files, directories, registry keys, or processes with weak access control lists (ACLs). It can also flag processes that don’t mark memory regions as non-executable (NX), which could result in the bypassing of the Data Execution Prevention (DEP) Windows security feature. The tool also identifies services with fast restart times that could be attacked to bypass address space layout randomization (ASLR), as well as changes to the Windows Firewall rules or Internet Explorer security policies.”
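The snapshot-and-diff approach described above can be illustrated in PowerShell. The following is an added example written for this page, not code from Attack Surface Analyzer or from Microsoft: it records services and enabled firewall rules before and after an installation, reports what the installer added, and checks whether any new service binary (or its directory) grants write access to low-privileged identities, which is the weak-ACL class Constantin mentions. Function names, the list of "low-privileged" identities and the `baseline.xml` path are my own choices; `Get-NetFirewallRule` is assumed to be available (Windows 8 / Server 2012 or later). It does not attempt the NX/DEP or service-restart checks.

```powershell
# Added example, not part of the original article or of Attack Surface Analyzer.
# Identities that should never hold write rights on a service executable or its folder
# (list is an assumption; extend it for your environment).
$LowPrivIdentities = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Rights that let a caller replace or retarget the binary.
$WriteMask = [System.Security.AccessControl.FileSystemRights]'Write, Modify, FullControl, TakeOwnership, ChangePermissions'

function Get-ServiceBinaryPath {
    # Win32_Service.PathName may be quoted and may carry arguments; keep only the executable.
    param([string]$PathName)
    if ($PathName -match '^"([^"]+)"') { return $Matches[1] }
    return ($PathName -split ' ')[0]
}

function Test-WeakAcl {
    # Returns one line per Allow ACE that gives a low-privileged identity write-class rights.
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return @() }
    $acl = Get-Acl -LiteralPath $Path
    $acl.Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ($LowPrivIdentities -contains $_.IdentityReference.Value) -and
            (([int]$_.FileSystemRights -band [int]$WriteMask) -ne 0)
        } |
        ForEach-Object { "$Path : $($_.IdentityReference) has $($_.FileSystemRights)" }
}

function Get-AttackSurfaceSnapshot {
    # Services: name, account, start mode and resolved binary path.
    $services = Get-CimInstance Win32_Service | ForEach-Object {
        [pscustomobject]@{
            Name      = $_.Name
            StartName = $_.StartName
            StartMode = $_.StartMode
            Path      = Get-ServiceBinaryPath $_.PathName
        }
    }
    # Enabled firewall rules, flattened to one comparable string each.
    $firewall = Get-NetFirewallRule | Where-Object Enabled -eq 'True' | ForEach-Object {
        "$($_.DisplayName)|$($_.Direction)|$($_.Action)|$($_.Profile)"
    }
    [pscustomobject]@{ Taken = Get-Date; Services = @($services); FirewallRules = @($firewall) }
}

function Compare-AttackSurfaceSnapshot {
    param($Before, $After)
    $newServices = @($After.Services | Where-Object { $_.Name -notin $Before.Services.Name })
    $newRules = @(Compare-Object @($Before.FirewallRules) @($After.FirewallRules) |
        Where-Object SideIndicator -eq '=>' |
        Select-Object -ExpandProperty InputObject)
    # Weak ACLs are only checked on what the installation introduced.
    $weak = foreach ($svc in $newServices) {
        foreach ($p in @($svc.Path, (Split-Path -Parent $svc.Path))) { Test-WeakAcl $p }
    }
    [pscustomobject]@{
        NewServices      = $newServices
        NewFirewallRules = $newRules
        WeakAcls         = @($weak)
    }
}

# Usage (run elevated so every service binary and ACL is readable):
#   $before = Get-AttackSurfaceSnapshot; $before | Export-Clixml baseline.xml
#   ... install the application under test ...
#   $report = Compare-AttackSurfaceSnapshot -Before (Import-Clixml baseline.xml) -After (Get-AttackSurfaceSnapshot)
#   $report.NewServices | Format-Table Name, StartName, StartMode, Path
#   $report.NewFirewallRules
#   $report.WeakAcls
```

Two points worth keeping in mind when reading the output: a service running as `LocalSystem` whose binary or parent directory appears under `WeakAcls` is the classic local privilege-escalation setup, and the `FileSystemRights` value printed can be a raw integer when the ACE uses generic rights (for example `GENERIC_WRITE`), which is why the mask test is done on the integer value rather than on the enum names.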