{"id":30977,"date":"2013-11-05T10:00:02","date_gmt":"2013-11-05T18:00:02","guid":{"rendered":"http:\/\/blogs.mcafee.com\/?p=30977"},"modified":"2025-06-08T20:19:12","modified_gmt":"2025-06-09T03:19:12","slug":"zero-day-exploit-targeting-microsoft-office","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/zero-day-exploit-targeting-microsoft-office\/","title":{"rendered":"McAfee Labs Detects Zero-Day Exploit Targeting Microsoft Office"},"content":{"rendered":"<p>Last Thursday morning (October 31), our Advanced Exploit Detection System (AEDS), which we discussed in an <a href=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-labs-detects-zero-day-exploit-targeting-microsoft-office-2\/\">earlier post<\/a>, detected a suspicious sample targeting Microsoft Office. After some investigation, we confirmed this is a zero-day attack.<\/p>\n<h2>Our Findings<\/h2>\n<p>Considering the importance of this incident, we shared our findings immediately with the Microsoft Security Response Center and worked closely with them in the last couple days. Today, as Microsoft has publicly released the <a href=\"http:\/\/technet.microsoft.com\/security\/advisory\/2896666\">security advisory <\/a>with mitigations and workarounds, we feel it is time to share some detail of this zero-day attack.<\/p>\n<p>Here is the traffic captured by this attack on a fully updated version of Office 2007 running on Windows XP SP3.<\/p>\n<p><a href=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/traffic13.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-30998\" src=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/traffic13.png\" alt=\"traffic1\" width=\"606\" height=\"462\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/traffic13.png 758w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/traffic13-300x228.png 300w\" sizes=\"auto, (max-width: 606px) 100vw, 606px\" \/><\/a><\/p>\n<p>As we can see, after successful exploitation, the exploit downloads an executable (saved to <em>C:\\Documents and Settings\\&lt;username&gt;\\Local Settings\\Temp\\winword.exe<\/em>) from the controlled web server<i>.<\/i><\/p>\n<p>The executable is actually a RAR SFX containing another executable and a fake Word document. The another executable (dropped to <em>C:\\Documents and Settings\\&lt;username&gt;\\Updates.exe<\/em>) is a backdoor allowing attacker to take control of the victim&#8217;s computer. The fake document (dropped to <em>C:\\Documents and Settings\\&lt;username&gt;\\Shanti.doc<\/em>) is popped to the victim right after the success of the exploitation, this is a common post-exploitation trick which tries to prevent victims from being aware of this attack.<\/p>\n<p>The zero-day exploit sample is organized as the Word OpenXML format (.docx). We observed many ActiveX objects contained in the \u201cactiveX\u201d directory after unzipping the .docx file. This suggests that the exploit uses ActiveX control to spray the heap memory.<\/p>\n<p><a href=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/activex_spray1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-31033\" src=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/activex_spray1.png\" alt=\"activex_spray1\" width=\"405\" height=\"339\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/activex_spray1.png 506w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/activex_spray1-300x251.png 300w\" sizes=\"auto, (max-width: 405px) 100vw, 405px\" \/><\/a><\/p>\n<p>It is worth to note that this heap-spraying in Office via ActiveX objects is a new exploitation trick which we didn&#8217;t see before, previously attackers usually chose Flash Player to spray memory in Office. We would believe the new trick was developed under the background that Adobe introduced a <a href=\"https:\/\/blogs.adobe.com\/asset\/2013\/02\/click-to-play-for-office-is-here.html\">click-to-play feature<\/a> in Flash Player months ago, which basically killed the old one. This is another proof that attacking technique always tries to evolve when old ones don&#8217;t work anymore.<\/p>\n<p>As it shows, the meta date of the files were set to October 17, 2013, which may suggest a creation time of this exploit (though, the meta time could be faked).<\/p>\n<p>And this is the place that EIP is being controlled to a sprayed memory space 0x08080808.<\/p>\n<p><a href=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/eip_control_windbg_hidden211.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-31059\" src=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/eip_control_windbg_hidden211.png\" alt=\"eip_control_windbg_hidden21\" width=\"633\" height=\"187\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/eip_control_windbg_hidden211.png 633w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/eip_control_windbg_hidden211-300x88.png 300w\" sizes=\"auto, (max-width: 633px) 100vw, 633px\" \/><\/a><\/p>\n<p>Speaking on the vulnerability leveraged by this attack, while we spotted the attack performed via Office 2007 running on Windows XP, this is actually a fault existing in a TIFF-processing component shipped with Microsoft Office. Therefore, not only are Office 2007 with Windows XP vulnerable to this attack, but also more environments are affected by this vulnerability. In addition, our later research showed this exploit also works on Office 2007 running on Windows 7. We&#8217;d suggest that readers take a look at the <a href=\"http:\/\/blogs.technet.com\/b\/srd\/archive\/2013\/11\/05\/cve-2013-3906-a-graphics-vulnerability-exploited-through-word-documents.aspx\">SRD blog post<\/a> where they shared the exact affected environments and views from the vendor&#8217;s perspective. The Labs has been actively working on getting every piece of details of this exploit, we may share our additional findings in the near future.<\/p>\n<p>Our AEDS continues to monitor advanced threats such as zero-day exploits and APTs worldwide, as a part of our <a href=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/evolution-of-malware-sandbox-evasion-tactics-a-retrospective-study\/\">commitments<\/a> to protect our customers from today&#8217;s fast-evolving attacks.<\/p>\n<p>For McAfee customers, we have released NIPS signature &#8220;<em>UDS-ShantiMalwareDetected<\/em>&#8221; last Friday to deliver protection in advance, our HIPS product is able to detect this attack without any update.<\/p>\n<p><em>Thanks Bing Sun, Chong Xu, Xiaoning Li (McAfee Labs)\u00a0 and\u00a0Lijun Cheng for their hard work on the exploit analysis as well as IPS detections. Guilherme Venere and Abhishek Karnik also contributed from the anti-virus side.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Last Thursday morning (October 31), our Advanced Exploit Detection System (AEDS), which we discussed in an earlier post, detected a&#8230;<\/p>\n","protected":false},"author":610,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[1411],"coauthors":[2524],"class_list":["post-30977","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-advanced-persistent-threats"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>McAfee Labs Detects Zero-Day Exploit Targeting Microsoft Office | McAfee Blog<\/title>\n<meta name=\"description\" content=\"Last Thursday morning (October 31), our Advanced Exploit Detection System (AEDS), which we discussed in an earlier post, detected a suspicious sample\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"McAfee Labs Detects Zero-Day Exploit Targeting Microsoft Office | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"Last Thursday morning (October 31), our Advanced Exploit Detection System (AEDS), which we discussed in an earlier post, detected a suspicious sample\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/zero-day-exploit-targeting-microsoft-office\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2013-11-05T18:00:02+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-09T03:19:12+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/traffic13.png\" \/>\n\t<meta property=\"og:image:width\" content=\"758\" \/>\n\t<meta property=\"og:image:height\" content=\"577\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Haifei Li\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@McAfee\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Haifei Li\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/zero-day-exploit-targeting-microsoft-office\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/zero-day-exploit-targeting-microsoft-office\/\"},\"author\":{\"name\":\"Haifei Li\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/fd18845cc3f27ed398648df8cc802444\"},\"headline\":\"McAfee Labs Detects Zero-Day Exploit Targeting Microsoft Office\",\"datePublished\":\"2013-11-05T18:00:02+00:00\",\"dateModified\":\"2025-06-09T03:19:12+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/zero-day-exploit-targeting-microsoft-office\/\"},\"wordCount\":614,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/zero-day-exploit-targeting-microsoft-office\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/traffic13.png\",\"keywords\":[\"advanced persistent threats\"],\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/zero-day-exploit-targeting-microsoft-office\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/zero-day-exploit-targeting-microsoft-office\/\",\"name\":\"McAfee Labs Detects Zero-Day Exploit Targeting Microsoft Office | McAfee Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/zero-day-exploit-targeting-microsoft-office\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/zero-day-exploit-targeting-microsoft-office\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/traffic13.png\",\"datePublished\":\"2013-11-05T18:00:02+00:00\",\"dateModified\":\"2025-06-09T03:19:12+00:00\",\"description\":\"Last Thursday morning (October 31), our Advanced Exploit Detection System (AEDS), which we discussed in an earlier post, detected a suspicious sample\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/zero-day-exploit-targeting-microsoft-office\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/zero-day-exploit-targeting-microsoft-office\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/zero-day-exploit-targeting-microsoft-office\/#primaryimage\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/traffic13.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/traffic13.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/zero-day-exploit-targeting-microsoft-office\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"McAfee Labs Detects Zero-Day Exploit Targeting Microsoft Office\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/fd18845cc3f27ed398648df8cc802444\",\"name\":\"Haifei Li\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/88c52c07fcacd190468a32af554e5f36\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/49ae79ecae2f1bff04cb595e12d9cc72?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/49ae79ecae2f1bff04cb595e12d9cc72?s=96&d=mm&r=g\",\"caption\":\"Haifei Li\"},\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/haifeili\/\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/haifei-li\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"McAfee Labs Detects Zero-Day Exploit Targeting Microsoft Office | McAfee Blog","description":"Last Thursday morning (October 31), our Advanced Exploit Detection System (AEDS), which we discussed in an earlier post, detected a suspicious sample","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"McAfee Labs Detects Zero-Day Exploit Targeting Microsoft Office | McAfee Blog","og_description":"Last Thursday morning (October 31), our Advanced Exploit Detection System (AEDS), which we discussed in an earlier post, detected a suspicious sample","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/zero-day-exploit-targeting-microsoft-office\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2013-11-05T18:00:02+00:00","article_modified_time":"2025-06-09T03:19:12+00:00","og_image":[{"width":758,"height":577,"url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/traffic13.png","type":"image\/png"}],"author":"Haifei Li","twitter_card":"summary_large_image","twitter_creator":"@McAfee","twitter_site":"@McAfee","twitter_misc":{"Written by":"Haifei Li","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/zero-day-exploit-targeting-microsoft-office\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/zero-day-exploit-targeting-microsoft-office\/"},"author":{"name":"Haifei Li","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/fd18845cc3f27ed398648df8cc802444"},"headline":"McAfee Labs Detects Zero-Day Exploit Targeting Microsoft Office","datePublished":"2013-11-05T18:00:02+00:00","dateModified":"2025-06-09T03:19:12+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/zero-day-exploit-targeting-microsoft-office\/"},"wordCount":614,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/zero-day-exploit-targeting-microsoft-office\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/traffic13.png","keywords":["advanced persistent threats"],"articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/zero-day-exploit-targeting-microsoft-office\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/zero-day-exploit-targeting-microsoft-office\/","name":"McAfee Labs Detects Zero-Day Exploit Targeting Microsoft Office | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/zero-day-exploit-targeting-microsoft-office\/#primaryimage"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/zero-day-exploit-targeting-microsoft-office\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/traffic13.png","datePublished":"2013-11-05T18:00:02+00:00","dateModified":"2025-06-09T03:19:12+00:00","description":"Last Thursday morning (October 31), our Advanced Exploit Detection System (AEDS), which we discussed in an earlier post, detected a suspicious sample","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/zero-day-exploit-targeting-microsoft-office\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/zero-day-exploit-targeting-microsoft-office\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/zero-day-exploit-targeting-microsoft-office\/#primaryimage","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/traffic13.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/traffic13.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/zero-day-exploit-targeting-microsoft-office\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"McAfee Labs Detects Zero-Day Exploit Targeting Microsoft Office"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/fd18845cc3f27ed398648df8cc802444","name":"Haifei Li","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/88c52c07fcacd190468a32af554e5f36","url":"https:\/\/secure.gravatar.com\/avatar\/49ae79ecae2f1bff04cb595e12d9cc72?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/49ae79ecae2f1bff04cb595e12d9cc72?s=96&d=mm&r=g","caption":"Haifei Li"},"sameAs":["https:\/\/www.linkedin.com\/in\/haifeili\/"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/haifei-li\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/30977","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/610"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=30977"}],"version-history":[{"count":4,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/30977\/revisions"}],"predecessor-version":[{"id":215302,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/30977\/revisions\/215302"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=30977"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=30977"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=30977"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=30977"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}