{"id":1038,"date":"2022-06-01T15:13:00","date_gmt":"2022-06-01T14:13:00","guid":{"rendered":"https:\/\/conscia.com\/ie\/?p=1038"},"modified":"2026-05-18T09:35:08","modified_gmt":"2026-05-18T08:35:08","slug":"vulnerability-spotlight-how-to-detect-follina-the-windows-msdt-0-day","status":"publish","type":"post","link":"https:\/\/conscia.com\/ie\/blog\/vulnerability-spotlight-how-to-detect-follina-the-windows-msdt-0-day\/","title":{"rendered":"Vulnerability Spotlight: How to detect Follina the Windows MSDT 0-day&nbsp;"},"content":{"rendered":"\n<p class=\" wp-block-paragraph\">Microsoft confirmed a security vulnerability tracked as CVE-2022-30190 and released it on their&nbsp;<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2022-30190\">MSRC portal<\/a>&nbsp;on May 30th, 2022. The vulnerability allows for a remote code execution (RCE) when MSDT (Microsoft Support Diagnostic Tool) is called using URL protocol from a calling application. \u201c<em>An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application.<\/em>\u201d Microsoft explained. This allows attackers to perform several critical functions such as installing new programs, modifying data and creating new accounts in context allowed by the user\u2019s rights.&nbsp;<\/p>\n\n\n\n<p class=\" wp-block-paragraph\">Security researchers at Proofpoint were able to spot Chinese APT group (TA413)&nbsp;<strong>actively exploiting this vulnerability<\/strong>by executing malicious code when targets&nbsp;<a href=\"https:\/\/twitter.com\/threatinsight\/status\/1531688214993555457\">open or preview Word documents<\/a>&nbsp;delivered in ZIP archives.&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\" wp-block-paragraph\">Conscia Cyberdefense SOC can reliably detect the exploitation of this vulnerability in real time for our MDR customers who use Cortex XDR and Microsoft Defender for Endpoint data sources.<\/p>\n\n\n\n<h2 class=\"wp-block-heading  wp-block-paragraph\">How to detect the potential exploit\u00a0<\/h2>\n\n\n\n<p class=\" wp-block-paragraph\">While Microsoft&nbsp;<a href=\"https:\/\/msrc-blog.microsoft.com\/2022\/05\/30\/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability\/\">recommends disabling<\/a>&nbsp;the MSDT URL protocol in order to mitigate this vulnerability, our Conscia Cyberdefense Threat Detection engineer<strong>&nbsp;Tom Kern<\/strong>&nbsp;developed custom detection rule, for those who are not keen on the workaround and are interested in robust detection.&nbsp;<\/p>\n\n\n\n<p class=\" wp-block-paragraph\">One of the most obvious ways to detect the exploitation is to focus on process relationship between Office software (such as MS Word) and msdt.exe. The following figure shows detection logs when opening a weaponized Word document:&nbsp;&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/conscia.com\/wp-content\/uploads\/2022\/06\/20220601_follina_scrn001.png\" alt=\"\" class=\"wp-image-15673\"\/><\/figure>\n\n\n\n<p class=\" wp-block-paragraph\">This is definitely something to look for. However, in this case we assume the payload will be delivered in the form of weaponized Word file. Remember, this vulnerability is not in Microsoft Office, but in Support Diagnostic Tool, therefore it can be delivered and exploited in many ways. Limiting our detection efforts only to this scenario gives the attacker opportunity to bypass our defenses by choosing another delivery method.\u00a0<\/p>\n\n\n\n<p class=\" wp-block-paragraph\">To define more universal detection logic, we focused on the code execution itself. In our testing, the exploit code is set up to open\u00a0<code><strong>notepad.exe<\/strong>.\u00a0<\/code><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/conscia.com\/wp-content\/uploads\/2022\/06\/20220601_follina_scrn002.png\" alt=\"\" class=\"wp-image-15674\"\/><\/figure>\n\n\n\n<p class=\" wp-block-paragraph\">Here we observed that the\u00a0<strong><code>sdiagnhost.exe<\/code>\u00a0i<\/strong>s the one which spawns the payload, in this case\u00a0<code><strong>notepad.exe<\/strong><\/code>. The blacklist approach to detecting this relationship would be searching for any suspicious child processes of\u00a0<strong>sdiagnhost.exe<\/strong>, such as\u00a0<strong>cmd.exe<\/strong>, <strong>powershell.exe<\/strong>, <strong>mshta.exe<\/strong>, <strong>wscript.exe<\/strong>, <strong>wmiprvse.exe<\/strong>.\u00a0<\/p>\n\n\n\n<p class=\" wp-block-paragraph\">This approach is flawed since it focuses on the known executables that are typically abused by attackers. A more sustainable approach is by whitelisting expected child processes. This means we need to define a rule that triggers if\u00a0<code><strong>sdiagnhost.exe<\/strong><\/code>\u00a0creates a child process that is\u00a0<strong>not<\/strong>\u00a0normal for this executable.\u00a0\u00a0<\/p>\n\n\n\n<h2 class=\"wp-block-heading  wp-block-paragraph\">Understanding SDIAGNHOST\u00a0<\/h2>\n\n\n\n<p class=\" wp-block-paragraph\">To find out what is normal for\u00a0<code><strong>sdiagnhost.exe<\/strong><\/code>, we first need to understand how it is used by the operating system. You are probably familiar with the feature in Microsoft Windows that tries to troubleshoot a problem for you. It looks like this:\u00a0<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/conscia.com\/wp-content\/uploads\/2022\/06\/20220601_follina_scrn003.png\" alt=\"\" class=\"wp-image-15675\"\/><\/figure>\n\n\n\n<p class=\" wp-block-paragraph\">The troubleshooting is handled by\u00a0<code><strong>sdiagnhost.exe<\/strong><\/code>\u00a0which spawns different processes which are used to gather more information about the problem. For example, if a network issue is being troubleshooted, the\u00a0<code><strong>sdiagnhost.exe<\/strong><\/code>\u00a0will spawn\u00a0<code><strong>route.exe<\/strong><\/code>\u00a0which provides local routing table to identify issues with the default gateway.\u00a0<\/p>\n\n\n\n<p class=\" wp-block-paragraph\">There is a limited number of executables that\u00a0<code><strong>sdiagnhost.exe<\/strong><\/code>\u00a0will spawn. In our customer\u2019s environment, those were:\u00a0<\/p>\n\n\n\n<p class=\" wp-block-paragraph\"><strong>conhost.exe<\/strong>, <strong>csc.exe<\/strong>, <strong>TiWorker.exe<\/strong>, <strong>MoUsoCoreWorker.exe<\/strong>, <strong>TrustedInstaller.exe<\/strong>, <strong>RtkAudioService64.exe<\/strong>, <strong>tphkload.exe<\/strong>, <strong>SpatialAudioLicenseSrv.exe<\/strong>, <strong>spoolsv.exe<\/strong>, <strong>WaaSMedicAgent.exe<\/strong>, <strong>bitsadmin.exe<\/strong>, <strong>control.exe<\/strong>, <strong>net.exe<\/strong>, <strong>sc.exe<\/strong>, <strong>sfc.exe<\/strong>, <strong>ROUTE.EXE<\/strong>, <strong>makecab.exe<\/strong>, <strong>ipconfig.exe<\/strong>, <strong>netsh.exe<\/strong>\u00a0<\/p>\n\n\n\n<h2 class=\"wp-block-heading  wp-block-paragraph\">Detecting suspicious child process of SDIAGNHOST\u00a0<\/h2>\n\n\n\n<p class=\" wp-block-paragraph\">It is normal for sdiagnhost.exe to spawn the above executables, therefore anything that is not on the list above can be considered anomalous. The list, however, is not necessarily complete and should be verified in your environment for any additional executables that were observed in the past.&nbsp;<\/p>\n\n\n\n<p class=\" wp-block-paragraph\">The detection rule would look like this:&nbsp;<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Parent process name is\u00a0<strong><code>sdiagnhost.exe<\/code>\u00a0<\/strong><code>AND<\/code><\/li>\n\n\n\n<li>Process name is not in [the list above]\u00a0<\/li>\n<\/ol>\n\n\n\n<p class=\" wp-block-paragraph\">The best thing about such approach to rule logic is that it will most likely detect also any other future&nbsp;RCE vulnerabilities in Microsoft Support Diagnostic Tool as the logic focuses on deviations from normal behavior and not on the known bad behavior.&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Learn how to detect and respond to the Follina Windows MSDT 0-day vulnerability to protect your organisation from cyber threats.<\/p>\n","protected":false},"author":2,"featured_media":1039,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[1],"global_solutions":[9,22],"global_partners":[],"global_industries":[25],"global_business_outcome":[43],"global_types":[],"class_list":["post-1038","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","global_solutions-cybersecurity","global_solutions-threat-intelligence","global_industries-all-industries","global_business_outcome-security-operations"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.4 (Yoast SEO v26.4) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Vulnerability Spotlight: How to detect Follina the Windows MSDT 0-day&nbsp; - Conscia Ireland<\/title>\n<meta name=\"description\" content=\"Learn how to detect the Follina Windows MSDT 0-day vulnerability and protect your organisation from exploitation.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/conscia.com\/blog\/vulnerability-spotlight-how-to-detect-follina-the-windows-msdt-0-day\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerability Spotlight: How to detect Follina the Windows MSDT 0-day&nbsp;\" \/>\n<meta property=\"og:description\" content=\"Learn how to detect the Follina Windows MSDT 0-day vulnerability and protect your organisation from exploitation.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/conscia.com\/blog\/vulnerability-spotlight-how-to-detect-follina-the-windows-msdt-0-day\/\" \/>\n<meta property=\"og:site_name\" content=\"Conscia Ireland\" \/>\n<meta property=\"article:published_time\" content=\"2022-06-01T14:13:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-05-18T08:35:08+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/conscia.com\/ie\/wp-content\/uploads\/2025\/09\/16by9-using-tech-5.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1080\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Mikkel Elvej\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mikkel Elvej\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/conscia.com\/blog\/vulnerability-spotlight-how-to-detect-follina-the-windows-msdt-0-day\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/conscia.com\/ie\/blog\/vulnerability-spotlight-how-to-detect-follina-the-windows-msdt-0-day\/\"},\"author\":{\"name\":\"Mikkel Elvej\",\"@id\":\"https:\/\/conscia.com\/ie\/#\/schema\/person\/e65cdf0ee22f4931e48d2ae6c7943a5e\"},\"headline\":\"Vulnerability Spotlight: How to detect Follina the Windows MSDT 0-day&nbsp;\",\"datePublished\":\"2022-06-01T14:13:00+00:00\",\"dateModified\":\"2026-05-18T08:35:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/conscia.com\/ie\/blog\/vulnerability-spotlight-how-to-detect-follina-the-windows-msdt-0-day\/\"},\"wordCount\":709,\"publisher\":{\"@id\":\"https:\/\/conscia.com\/ie\/#organization\"},\"image\":{\"@id\":\"https:\/\/conscia.com\/blog\/vulnerability-spotlight-how-to-detect-follina-the-windows-msdt-0-day\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/conscia.com\/ie\/wp-content\/uploads\/2025\/09\/16by9-using-tech-5.jpg\",\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/conscia.com\/ie\/blog\/vulnerability-spotlight-how-to-detect-follina-the-windows-msdt-0-day\/\",\"url\":\"https:\/\/conscia.com\/blog\/vulnerability-spotlight-how-to-detect-follina-the-windows-msdt-0-day\/\",\"name\":\"Vulnerability Spotlight: How to detect Follina the Windows MSDT 0-day&nbsp; - Conscia Ireland\",\"isPartOf\":{\"@id\":\"https:\/\/conscia.com\/ie\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/conscia.com\/blog\/vulnerability-spotlight-how-to-detect-follina-the-windows-msdt-0-day\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/conscia.com\/blog\/vulnerability-spotlight-how-to-detect-follina-the-windows-msdt-0-day\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/conscia.com\/ie\/wp-content\/uploads\/2025\/09\/16by9-using-tech-5.jpg\",\"datePublished\":\"2022-06-01T14:13:00+00:00\",\"dateModified\":\"2026-05-18T08:35:08+00:00\",\"description\":\"Learn how to detect the Follina Windows MSDT 0-day vulnerability and protect your organisation from exploitation.\",\"breadcrumb\":{\"@id\":\"https:\/\/conscia.com\/blog\/vulnerability-spotlight-how-to-detect-follina-the-windows-msdt-0-day\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/conscia.com\/blog\/vulnerability-spotlight-how-to-detect-follina-the-windows-msdt-0-day\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/conscia.com\/blog\/vulnerability-spotlight-how-to-detect-follina-the-windows-msdt-0-day\/#primaryimage\",\"url\":\"https:\/\/conscia.com\/ie\/wp-content\/uploads\/2025\/09\/16by9-using-tech-5.jpg\",\"contentUrl\":\"https:\/\/conscia.com\/ie\/wp-content\/uploads\/2025\/09\/16by9-using-tech-5.jpg\",\"width\":1920,\"height\":1080},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/conscia.com\/blog\/vulnerability-spotlight-how-to-detect-follina-the-windows-msdt-0-day\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/conscia.com\/ie\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerability Spotlight: How to detect Follina the Windows MSDT 0-day&nbsp;\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/conscia.com\/ie\/#website\",\"url\":\"https:\/\/conscia.com\/ie\/\",\"name\":\"Conscia Ireland\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/conscia.com\/ie\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/conscia.com\/ie\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/conscia.com\/ie\/#organization\",\"name\":\"Conscia Ireland\",\"url\":\"https:\/\/conscia.com\/ie\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/conscia.com\/ie\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/conscia.com\/ie\/wp-content\/uploads\/2025\/08\/conscia_logo_tagline_black.png\",\"contentUrl\":\"https:\/\/conscia.com\/ie\/wp-content\/uploads\/2025\/08\/conscia_logo_tagline_black.png\",\"width\":994,\"height\":241,\"caption\":\"Conscia Ireland\"},\"image\":{\"@id\":\"https:\/\/conscia.com\/ie\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.linkedin.com\/company\/conscia-ireland\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/conscia.com\/ie\/#\/schema\/person\/e65cdf0ee22f4931e48d2ae6c7943a5e\",\"name\":\"Mikkel Elvej\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/conscia.com\/ie\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/872c0da1fa238af642c0fd874f91c36aaa29e0d61ae46190532092637c9eeee4?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/872c0da1fa238af642c0fd874f91c36aaa29e0d61ae46190532092637c9eeee4?s=96&d=mm&r=g\",\"caption\":\"Mikkel Elvej\"},\"url\":\"https:\/\/conscia.com\/ie\/blog\/author\/mhe\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Vulnerability Spotlight: How to detect Follina the Windows MSDT 0-day&nbsp; - Conscia Ireland","description":"Learn how to detect the Follina Windows MSDT 0-day vulnerability and protect your organisation from exploitation.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/conscia.com\/blog\/vulnerability-spotlight-how-to-detect-follina-the-windows-msdt-0-day\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerability Spotlight: How to detect Follina the Windows MSDT 0-day&nbsp;","og_description":"Learn how to detect the Follina Windows MSDT 0-day vulnerability and protect your organisation from exploitation.","og_url":"https:\/\/conscia.com\/blog\/vulnerability-spotlight-how-to-detect-follina-the-windows-msdt-0-day\/","og_site_name":"Conscia Ireland","article_published_time":"2022-06-01T14:13:00+00:00","article_modified_time":"2026-05-18T08:35:08+00:00","og_image":[{"width":1920,"height":1080,"url":"https:\/\/conscia.com\/ie\/wp-content\/uploads\/2025\/09\/16by9-using-tech-5.jpg","type":"image\/jpeg"}],"author":"Mikkel Elvej","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Mikkel Elvej","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/conscia.com\/blog\/vulnerability-spotlight-how-to-detect-follina-the-windows-msdt-0-day\/#article","isPartOf":{"@id":"https:\/\/conscia.com\/ie\/blog\/vulnerability-spotlight-how-to-detect-follina-the-windows-msdt-0-day\/"},"author":{"name":"Mikkel Elvej","@id":"https:\/\/conscia.com\/ie\/#\/schema\/person\/e65cdf0ee22f4931e48d2ae6c7943a5e"},"headline":"Vulnerability Spotlight: How to detect Follina the Windows MSDT 0-day&nbsp;","datePublished":"2022-06-01T14:13:00+00:00","dateModified":"2026-05-18T08:35:08+00:00","mainEntityOfPage":{"@id":"https:\/\/conscia.com\/ie\/blog\/vulnerability-spotlight-how-to-detect-follina-the-windows-msdt-0-day\/"},"wordCount":709,"publisher":{"@id":"https:\/\/conscia.com\/ie\/#organization"},"image":{"@id":"https:\/\/conscia.com\/blog\/vulnerability-spotlight-how-to-detect-follina-the-windows-msdt-0-day\/#primaryimage"},"thumbnailUrl":"https:\/\/conscia.com\/ie\/wp-content\/uploads\/2025\/09\/16by9-using-tech-5.jpg","inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/conscia.com\/ie\/blog\/vulnerability-spotlight-how-to-detect-follina-the-windows-msdt-0-day\/","url":"https:\/\/conscia.com\/blog\/vulnerability-spotlight-how-to-detect-follina-the-windows-msdt-0-day\/","name":"Vulnerability Spotlight: How to detect Follina the Windows MSDT 0-day&nbsp; - Conscia Ireland","isPartOf":{"@id":"https:\/\/conscia.com\/ie\/#website"},"primaryImageOfPage":{"@id":"https:\/\/conscia.com\/blog\/vulnerability-spotlight-how-to-detect-follina-the-windows-msdt-0-day\/#primaryimage"},"image":{"@id":"https:\/\/conscia.com\/blog\/vulnerability-spotlight-how-to-detect-follina-the-windows-msdt-0-day\/#primaryimage"},"thumbnailUrl":"https:\/\/conscia.com\/ie\/wp-content\/uploads\/2025\/09\/16by9-using-tech-5.jpg","datePublished":"2022-06-01T14:13:00+00:00","dateModified":"2026-05-18T08:35:08+00:00","description":"Learn how to detect the Follina Windows MSDT 0-day vulnerability and protect your organisation from exploitation.","breadcrumb":{"@id":"https:\/\/conscia.com\/blog\/vulnerability-spotlight-how-to-detect-follina-the-windows-msdt-0-day\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/conscia.com\/blog\/vulnerability-spotlight-how-to-detect-follina-the-windows-msdt-0-day\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/conscia.com\/blog\/vulnerability-spotlight-how-to-detect-follina-the-windows-msdt-0-day\/#primaryimage","url":"https:\/\/conscia.com\/ie\/wp-content\/uploads\/2025\/09\/16by9-using-tech-5.jpg","contentUrl":"https:\/\/conscia.com\/ie\/wp-content\/uploads\/2025\/09\/16by9-using-tech-5.jpg","width":1920,"height":1080},{"@type":"BreadcrumbList","@id":"https:\/\/conscia.com\/blog\/vulnerability-spotlight-how-to-detect-follina-the-windows-msdt-0-day\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/conscia.com\/ie\/"},{"@type":"ListItem","position":2,"name":"Vulnerability Spotlight: How to detect Follina the Windows MSDT 0-day&nbsp;"}]},{"@type":"WebSite","@id":"https:\/\/conscia.com\/ie\/#website","url":"https:\/\/conscia.com\/ie\/","name":"Conscia Ireland","description":"","publisher":{"@id":"https:\/\/conscia.com\/ie\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/conscia.com\/ie\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/conscia.com\/ie\/#organization","name":"Conscia Ireland","url":"https:\/\/conscia.com\/ie\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/conscia.com\/ie\/#\/schema\/logo\/image\/","url":"https:\/\/conscia.com\/ie\/wp-content\/uploads\/2025\/08\/conscia_logo_tagline_black.png","contentUrl":"https:\/\/conscia.com\/ie\/wp-content\/uploads\/2025\/08\/conscia_logo_tagline_black.png","width":994,"height":241,"caption":"Conscia Ireland"},"image":{"@id":"https:\/\/conscia.com\/ie\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/conscia-ireland\/"]},{"@type":"Person","@id":"https:\/\/conscia.com\/ie\/#\/schema\/person\/e65cdf0ee22f4931e48d2ae6c7943a5e","name":"Mikkel Elvej","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/conscia.com\/ie\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/872c0da1fa238af642c0fd874f91c36aaa29e0d61ae46190532092637c9eeee4?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/872c0da1fa238af642c0fd874f91c36aaa29e0d61ae46190532092637c9eeee4?s=96&d=mm&r=g","caption":"Mikkel Elvej"},"url":"https:\/\/conscia.com\/ie\/blog\/author\/mhe\/"}]}},"_links":{"self":[{"href":"https:\/\/conscia.com\/ie\/wp-json\/wp\/v2\/posts\/1038","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/conscia.com\/ie\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/conscia.com\/ie\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/conscia.com\/ie\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/conscia.com\/ie\/wp-json\/wp\/v2\/comments?post=1038"}],"version-history":[{"count":3,"href":"https:\/\/conscia.com\/ie\/wp-json\/wp\/v2\/posts\/1038\/revisions"}],"predecessor-version":[{"id":1742,"href":"https:\/\/conscia.com\/ie\/wp-json\/wp\/v2\/posts\/1038\/revisions\/1742"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/conscia.com\/ie\/wp-json\/wp\/v2\/media\/1039"}],"wp:attachment":[{"href":"https:\/\/conscia.com\/ie\/wp-json\/wp\/v2\/media?parent=1038"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/conscia.com\/ie\/wp-json\/wp\/v2\/categories?post=1038"},{"taxonomy":"global_solutions","embeddable":true,"href":"https:\/\/conscia.com\/ie\/wp-json\/wp\/v2\/global_solutions?post=1038"},{"taxonomy":"global_partners","embeddable":true,"href":"https:\/\/conscia.com\/ie\/wp-json\/wp\/v2\/global_partners?post=1038"},{"taxonomy":"global_industries","embeddable":true,"href":"https:\/\/conscia.com\/ie\/wp-json\/wp\/v2\/global_industries?post=1038"},{"taxonomy":"global_business_outcome","embeddable":true,"href":"https:\/\/conscia.com\/ie\/wp-json\/wp\/v2\/global_business_outcome?post=1038"},{"taxonomy":"global_types","embeddable":true,"href":"https:\/\/conscia.com\/ie\/wp-json\/wp\/v2\/global_types?post=1038"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}