Attack Surface Analyzer Beta
The Attack Surface Analyzer beta is a Microsoft verification tool now available for ISVs and IT
professionals to highlight the changes in system state, runtime parameters and securable
objects on the Windows operating system. This analysis helps developers, testers and IT
professionals identify increases in the attack surface caused by installing applications on a
The tool takes snapshots of an organization’s system and compares (“diffing”) these to identify
changes. The tool does not analyze a system based on signatures or known vulnerabilities;
instead, it looks for classes of security weaknesses as applications are installed on the Windows
The tool also gives an overview of the changes to the system Microsoft Corp. considers
important to the security of the platform and highlights these in the attack surface report. The
Microsoft Security Development Lifecycle (SDL) requires development teams to define a given
product’s default and maximum attack surface during the design phase to reduce the likelihood
of exploitation wherever possible. Additional information can be found in the Measuring
Relative Attack Surface paper.
Some of the checks performed by the tool include analysis of changed or newly added files,
registry keys, services, ActiveX Controls, listening ports, access control lists and other
parameters that affect a computer’s attack surface.
Attack Surface Analyzer beta will be released for download Jan. 18, 2011, in conjunction with a
number of updates to other Microsoft SDL tools, at Black Hat DC. The tool is available at no
An internal tool used within Microsoft for over five years, Attack Surface Analyzer beta is based
on patented attack surface analysis techniques and runs on Windows Vista, Windows 7 and
Windows Server 2008.
Microsoft uses the Attack Surface Analyzer beta as a requirement of the verification phase of
the Microsoft SDL. Making the tool available externally enables application developers, testers
and IT professionals to easily and quickly verify that they have built and deployed their
applications in accordance with Microsoft’s SDL guidelines. These requirements help ensure
that applications do not unnecessarily or inadvertently increase the attack surface of a
machine, thus reducing the likelihood of exploitation by an attacker.
Attack Surface Analyzer beta is offered to developers as a stand-alone tool with a wizard to step
through the process and a command-line version to help IT professionals integrate the tool with
existing enterprise management tools.
More information on Attack Surface Analyzer beta by Microsoft and other tools supporting the
Microsoft SDL is available at http://www.microsoft.com/security/sdl/getstarted/tools.aspx.
For more information, press only:
Rapid Response Team, Waggener Edstrom Worldwide, (503) 443-7070,