Microsoft Attack Surface Analyzer - Review
- Directories With Weak ACLs - related to the use of NT SERVICE\TrustedInstaller (needs more investigation to see why this was reported)
- Processes With NX Disabled - GoogleCrashHandler.exe, included with the software, does not use DEP security options (why not?)
- Services Vulnerable To Tampering - The Google Update service that was installed is also susceptible to tampering by the NT SERVICE\TrustedInstaller account.
- New Service - Google Update Service
- New Running Processes - Google Crash Handler and a .NET Framework utility
- 113 New Registered COM Controls - mostly for IE, but also controls used within the software.
- 3 New Internet Explorer Silent Elevation Entries / Preapproved controls - Google Update plugin - This is interesting as it looks like this gets added to the list of approved protected mode controls - more investigation needed here.
- 1 New TCP Port - An established outbound TCP connection on port 49336. This is likely the port used by the Google Update service, which checks for updates during the install. Not sure; more investigation is likely needed here as well.
- 6 New Named Pipes
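
One way to follow up on the "Services Vulnerable To Tampering" finding is to dump the service's security descriptor with `sc sdshow` and list which trustees hold rights that allow altering the service. The Python below is an added example, not part of the original review or of Attack Surface Analyzer; the SDDL string is constructed for illustration (it is not the Google Update service's real descriptor) and `tamper_aces` is a hypothetical helper name.

```python
import re

# SDDL right codes that let a trustee alter a service, with their access-mask bits.
TAMPER_RIGHTS = {
    "DC": (0x00000002, "SERVICE_CHANGE_CONFIG"),
    "SD": (0x00010000, "DELETE"),
    "WD": (0x00040000, "WRITE_DAC"),
    "WO": (0x00080000, "WRITE_OWNER"),
    "GA": (0x10000000, "GENERIC_ALL"),
    "GW": (0x40000000, "GENERIC_WRITE"),
}
# Well-known trustees: SDDL aliases plus the fixed TrustedInstaller service SID.
TRUSTEES = {
    "SY": "NT AUTHORITY\\SYSTEM",
    "BA": "BUILTIN\\Administrators",
    "S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464":
        "NT SERVICE\\TrustedInstaller",
}
# Constructed sample in the shape `sc sdshow <service>` prints (assumption, not real output).
SAMPLE_SDDL = (
    "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)"
    "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
    "(A;;CCLCSWLOCRRC;;;IU)"
    "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)"
    "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
)

def tamper_aces(sddl):
    """Return {trustee: [rights]} for DACL allow-ACEs that permit changing the service."""
    dacl = re.search(r"D:[^()]*((?:\([^)]*\))*)", sddl)  # stops before the SACL ("S:")
    findings = {}
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1) if dacl else ""):
        fields = ace.split(";")
        if len(fields) != 6 or fields[0] != "A":
            continue  # only plain access-allowed ACEs grant rights
        rights, sid = fields[2], fields[5]
        if rights.lower().startswith("0x"):
            mask = int(rights, 16)  # rights given as a raw access mask
        else:
            codes = re.findall("..", rights)  # split into two-letter codes, e.g. SW|DT, not WD
            mask = sum(bit for code, (bit, _) in TAMPER_RIGHTS.items() if code in codes)
        names = [name for bit, name in TAMPER_RIGHTS.values() if mask & bit]
        if names:
            findings.setdefault(TRUSTEES.get(sid, sid), []).extend(names)
    return findings

if __name__ == "__main__":
    for trustee, rights in tamper_aces(SAMPLE_SDDL).items():
        print(f"{trustee}: {', '.join(rights)}")
```

On the constructed sample this reports Administrators and TrustedInstaller as holding configuration-changing rights, while SYSTEM and INTERACTIVE are not listed because their entries carry no such rights.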