News

Microsoft Tool for Scanning Third-Party Software Gets Update

• By Kurt Mackie
• 05/16/2019

Microsoft announced Attack Surface Analyzer 2.0 this week, describing changes in the updated -- and now open source -- software.

Attack Surface Analyzer 2.0, released about a week ago, can be used by IT security auditors to evaluate the risk of "third-party software" (software from non-Microsoft vendors). It can also be used by DevOps engineers to see the system changes made by software additions, per Microsoft's GitHub description. It's an open source tool, built using .NET Core, that runs on Linux, macOS and Windows systems.

The tool is needed, Microsoft's announcement explained, "because most installation processes require elevated privileges, which can lead to undesired system configuration changes." 

Users of Attack Surface Analyzer 2.0 perform an initial system scan. They then install an application and perform yet another system scan. The tool will then show what changed based on certain criteria.

Currently, the criteria that can be selected include:

• File System
• User Accounts
• System Services
• Network Ports (listeners)
• System Certificate Stores
• Windows Registry

Other criteria may get added to the tool in the near future. Microsoft is considering adding code signing information, drivers, firewall settings, redistributable installations, network traffic, registry and some "requested features which existed in the original Attack Surface Analyzer," the GitHub page explained.

Attack Surface Analyzer 2.0 is deemed as being the replacement for the original Attack Surface Analyzer tool that Microsoft released back in 2012, which is still available here.

One catch to using Attack Surface Analyzer 2.0 is that installation files currently aren't available. Just a bunch of compressed files can be accessed from the GitHub code repository.

An early tester encountered an odd roadblock, according to this Twitter post.