News

Microsoft tool spots weaknesses in newly installed programmes

Microsoft has released a free tool to help system administrators, IT security professionals and software developers understand how newly installed applications can affect the security of a Windows OS.

Attack Surface Analyzer 1.0 scans for classes of known security weaknesses that can be introduced by the files, registry keys, services, Microsoft ActiveX controls and other parameters created or changed by new applications.

It can identify executable files, directories or processes with weak access control lists (ACLs). It can also flag processes that don’t mark memory regions as non-executable (NX), which could result in the bypassing of the Data Execution Prevention (DEP) Windows security feature.

The tool also identifies services with fast restart times that could be attacked to bypass address space layout randomisation (ASLR), as well as changes to the Windows Firewall rules or Internet Explorer security policies.

These and many other weaknesses that the tool can recognise will facilitate various types of attacks, including some that could allow attackers to gain control of the system, execute malicious code or gain access to sensitive data.

The tool is already being used by internal product groups at Microsoft and a public beta version has been available to download since January 2011. The 1.0 stable version released on Thursday contains significant performance enhancements and bug fixes.

“Through improvements in the code, we were able to reduce the number of false positives and improve graphic user interface performance,” said the Microsoft Security Development Lifecycle (SDL) team.

“This release also includes in-depth documentation and guidance to improve ease of use,” it added.

The tool has 32-bit and 62-bit versions and supports Windows Vista and newer versions of Microsoft’s OS, including Windows 8 and Windows Server 2012 that hit the RTM (release to manufacturing) milestone on Wednesday.

Attack Surface Analyzer 1.0 is not compatible with the beta version of the tool, so existing users need to perform new “clean” system and post-application-installation scans – known as the baseline and product scans respectively.

Attack Surface Analyzer requires .NET Framework 4 or higher present on the system in order to compare and analyse scan results. However, performing the actual scans can be done from the command line interface without .NET Framework.

 

Previous ArticleNext Article

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

GET TAHAWULTECH.COM IN YOUR INBOX

The free newsletter covering the top industry headlines