Threat Modeling Tool 正式版 7.1.50911.2 - 2018 年 9 月 12 日Threat Modeling Tool GA release 7.1.50911.2 - 9/12/2018

我们很高兴地宣布,Microsoft Threat Modeling Tool 的受支持正式版 (GA) 现已推出,可供用户下载。We are excited to announce the Microsoft Threat Modeling Tool is now available to download as a supported generally available (GA) release. 此版本包含重要的隐私和安全更新,以及 bug 修复、功能更新和稳定性方面的改进。This release contains important privacy and security updates as well as bug fixes, feature updates, and stability improvements. 2017 预览版的现有用户在打开客户端时,系统会提示他们通过 ClickOnce 技术更新到最新版本。Existing users of the 2017 Preview version will be prompted to update to the latest release through the ClickOnce technology upon opening the client. 对于该工具的新用户,可以下载客户端For new users of the tool, you can download the client.

随着此版本的推出,我们将终止对 2017 预览版的支持,建议预览版的所有用户更新到正式版。With this release, we are ending support for the 2017 Preview and recommend all users of the Preview update to the GA release. 在 2018 年 10 月 15 日或之后,我们将会规定 Threat Modeling Tool 的最低要求 ClickOnce 版本,所有预览版客户端都必须升级。On or after October 15 2018, we will set the minimum required ClickOnce version for the Threat Modeling Tool, and all Preview clients will be required to upgrade.

Microsoft Threat Modeling Tool 2016(可从 Microsoft 下载中心下载)的支持期将持续到 2019 年 10 月 1 日,但仅限关键安全修复方面的支持。The Microsoft Threat Modeling Tool 2016, which is available from the Microsoft Download Center, remains supported until October 1 2019 for critical security fixes only.

功能更改Feature changes

Azure 模具更新Azure stencil updates

此版本随附的模具集添加了更多的 Azure 模具及其关联的威胁和缓解措施。Additional Azure stencils and their associated threats and mitigations have been added to the stencil set shipping with this release. “Azure 应用服务”、“Azure 数据库产品/服务”和“Azure 存储”的重点功能已有重大变化。Significant changes were made in the focus areas of "Azure App Services", "Azure Database Offerings", and "Azure Storage."

Azure 模具更新

修复了客户报告的明显 bugNotable fixed bugs reported by customers

在 TMT 预览版中,使用标准模板时该工具会崩溃In TMT Preview, the tool crashes when using the standard template

  • 将通用模具(例如“通用数据流”)添加到图面并生成威胁时,该工具可能会崩溃。When a Generic stencil (for example "Generic Data Flow") is added to the drawing surface and generates threats, the tool may crash. 现在已修复此问题。This issue has been fixed.

在 TMT 预览版中,当我保存报告或复制威胁时,风险级别不正确In TMT Preview, when I save a report or copy the threats, the risk levels are incorrect

  • 如果用户修改特定威胁的风险级别,然后保存报告或复制风险,则风险级别可能会还原为“高”。If a user modifies the Risk level of specific threats and then saves a report or copies the risks, the risk level may revert to "High". 现在已修复此问题。This issue has been fixed.

已知问题和常见问题解答Known issues and FAQ

高分辨率屏幕的用户可能会在威胁属性中看到很小的字体Users of high-resolution screens may experience small text in the threat properties


在该工具的分析视图中,如果用户使用的高分辨率屏幕默认设置为放大画面以方便在 Windows 中阅读,则威胁的“可能的缓解措施”部分可能会显示很小的文本。In the Analysis View of the tool, if the user has a high-resolution screen that is set by default to magnify for readability in Windows, the "Possible Mitigation(s)" section of a threat may appear with small text.



用户可以单击缓解措施文本,然后使用标准的 Windows 缩放控件(按住 Crtl 并向上滚动鼠标滚轮)来增大该部分的放大倍数。The user can click on the mitigation text and use the standard Windows zoom control (Crtl-Mouse Wheel Up) to increase the magnification of that section.

我的组织使用的是 2016 版工具,我是否可以使用 Azure 模具集?My organization uses the 2016 version of the tool, can I use the Azure stencil set?

可以!Yes, you can! Azure 模具集已在 GitHub 上提供,可将其载入 2016 版工具。The Azure stencil set is available on GitHub, and can be loaded in the 2016 version of the tool. 若要使用 Azure 模具集创建新模型,请使用主菜单屏幕上的“新模型的模板”对话框。To create a new model with the Azure stencil set, use the “Template For New Models” dialog on the main menu screen. TMT 2016 无法呈现 Azure 模具集的“可能的缓解措施”字段中的链接,因此,你可能发现这些链接显示为 HTML 标记。TMT 2016 cannot render the links found in the “Possible Mitigations” fields of the Azure stencil set, therefore you may see links displayed as HTML tags.

2016 客户端中的 Azure 模具更新

系统要求System requirements

  • 支持的操作系统Supported Operating Systems
    • Microsoft Windows 10Microsoft Windows 10
  • 所需的 .NET 版本.NET Version Required
    • .NET 3.5.2.NET 3.5.2
  • 其他要求Additional Requirements
    • 需要建立 Internet 连接才能接收工具和模板的更新。An Internet connection is required to receive updates to the tool as well as templates.

文档和反馈Documentation and feedback

后续步骤Next steps

下载最新版本的 Microsoft Threat Modeling ToolDownload the latest version of the Microsoft Threat Modeling Tool.