Attack Surface Analyzer is the same tool used by Microsoft's internal product teams to catalogue changes made to the operating system by the installation of new software.


The tool takes snapshots of an organization's system and compares these to identify changes. The tool does not analyze a system based on signatures or known vulnerabilities - instead, it looks for classes of security weaknesses as applications are installed on the Windows operating system.

The tool has a stand-alone wizard to help guide users through the scanning and analysis process; a command-line version supports automation and older versions of Windows, and assists IT professionals as they integrate the tool with existing enterprise management tools.

The updated tool incorporates bug fixes improving the user experience, continuing to enable:

• Developers to view changes in the attack surface resulting from the introduction of their code on to the Windows platform
• IT professionals to assess the aggregate attack surface change by the installation of an organization's line of business applications
• IT security auditors to evaluate the risk of a particular piece of software installed on the Windows platform during threat risk reviews
• IT security incident responders to gain a better understanding of the state of a systems security during investigations (if a baseline scan was taken of the system during the deployment phase).

Download links:

• Attack_Surface_Analyzer_x86.msi
• Attack_Surface_Analyzer_x64.msi
• Attack_Surface_Analyzer_ReadMe.docx .