{"id":49116,"date":"2016-04-27T11:39:46","date_gmt":"2016-04-27T18:39:46","guid":{"rendered":"https:\/\/blogs.mcafee.com\/?p=49116"},"modified":"2025-05-29T03:11:08","modified_gmt":"2025-05-29T10:11:08","slug":"cve-2016-0018-dll-planting-leads-to-a-remote-code-execution-vulnerability","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2016-0018-dll-planting-leads-to-a-remote-code-execution-vulnerability\/","title":{"rendered":"CVE-2016-0018: DLL Planting Leads to a Remote Code Execution Vulnerability"},"content":{"rendered":"

DLL planting, also known as DLL side loading, is a popular attack technique today. If we take a look at the list of advisories Microsoft has recently\u00a0published<\/a>,\u00a0it is clear that a large number of vulnerabilities encompass\u00a0DLL planting. We have seen many targeted attacks that abuse Windows OLE in many ways. At BlackHat USA 2015, an McAfee team presented the\u00a0paper “Attacking Interoperability: an OLE Edition,”<\/a>\u00a0which covered various attack techniques and attack surfaces of OLE. In this paper, my colleagues Bing Sun and Haifei Li showcased many interesting vulnerabilities in OLE.<\/p>\n

Recently we informed Microsoft of a vulnerability that\u00a0can be exploited by attackers to perform a DLL side-loading attack. In this case, the vulnerable COM class object ID (CLSID) is {f4ba59cc-2506-45ae-84c8-78ea8d7f9b3e}. This CLSID can be found in the registry at HKEY_CLASSES_ROOT\\CLSID\\{f4ba59cc-2506-45ae-84c8-78ea8d7f9b3e}. This CLSID\u2019s InprocServer32 key points to the file invagent.dll. A quick Google search reveals this DLL is a part of Windows and is covered by the update KB2976978.<\/p>\n

\"CVE_02016_0018_A_Tale_of_a_windows_library_loading\"<\/p>\n

During our research we found that it is possible to load and initialize this COM object with specially crafted Office document. As proof of concept, we created a Word document with an embedded external OLE object. Opening our Word doc in Office, we see this:<\/p>\n

\"CVE_02016_0018_A_Tale_of_a_windows_library_loading_2\"<\/p>\n

Later we simply patched and changed the CLSID to {f4ba59cc-2506-45ae-84c8-78ea8d7f9b3e}.<\/p>\n

\"CVE_02016_0018_A_Tale_of_a_windows_library_loading_3\"<\/p>\n

Now if we double-click the embedded icon, Office tries to load the OLE object and associated DLLs into the process. One of the DLLs Office tries to load is api-ms-win-core-winrt-l1-1-0.dll. We\u00a0noticed that if we placed a DLL named api-ms-win-core-winrt-l1-1-0.dll in the same location as the crafted doc, Office simply loads the DLL from the current working directory, allowing us to execute arbitrary code through a planted fake DLL. In Process Monitor, below, we can see that the DLL is loaded from the current working directory.<\/p>\n

\"CVE_02016_0018_A_Tale_of_a_windows_library_loading_4\"<\/p>\n

To prove our\u00a0point, we compiled a fake api-ms-win-core-winrt-l1-1-0.dll in which DLLMain() executes calc.exe and was placed that DLL in the same folder with the crafted Word doc. As we see in the following screen, as soon as we click on the embedded doc icon, calc.exe pops up.<\/p>\n

\"CVE_02016_0018_A_Tale_of_a_windows_library_loading_5\"<\/p>\n

This same attack can also be performed with a specially crafted rich text format (RTF) document. What’s interesting about an RTF attack is that no user interaction (such as a mouse click) is required to achieve code execution.<\/p>\n

\"CVE_02016_0018_A_Tale_of_a_windows_library_loading_6\"<\/p>\n

The next screen shows the stack trace of the vulnerable LoadLibraryEx() call. As we can see the OLE initialization process started from a call to ole32!OleLoad() -> ole32!CoCreateInstance() and goes on from there.<\/p>\n

\"CVE_02016_0018_A_Tale_of_a_windows_library_loading_7\"<\/p>\n

The next screen shows the disassembly of the vulnerable\u00a0function invagent!AeInvProvider::AeInvProvider(), in which the insecure\u00a0library load happens.<\/p>\n

\"CVE_02016_0018_A_Tale_of_a_windows_library_loading_8\"<\/p>\n

Microsoft pushed out a fix for this bug in January, as part of MS16-007 (https:\/\/support.microsoft.com\/en-us\/kb\/2952664). As a fix, the\u00a0dwFlags\u00a0parameter of the\u00a0LoadLibraryEx()<\/a> function was set to 0x800. With this value, only the %windows%\\system32 path is searched for the DLLs. The following screen shows the patched function after installing this fix.<\/p>\n

\"CVE_02016_0018_A_Tale_of_a_windows_library_loading_9\"<\/p>\n

For a video demonstration <\/a>of this attack, click here.<\/a><\/span><\/p>\n

Disclosure time line:<\/strong><\/h2>\n

January 8:<\/strong>\u00a0McAfee reports the issue to Microsoft.
\nJanuary 9:<\/strong> Automated response from Microsoft.
\nFebruary 27:<\/strong>\u00a0Microsoft confirms the issue and informs us a fix was part of Security Bulletin MS16-007<\/a> (January’s Patch Tuesday update).
\nApril 21:\u00a0<\/strong>Microsoft publicly acknowledges <\/a>our report.<\/p>\n","protected":false},"excerpt":{"rendered":"

DLL planting, also known as DLL side loading, is a popular attack technique today. If we take a look at…<\/p>\n","protected":false},"author":674,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[1814,338],"coauthors":[3973],"class_list":["post-49116","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-computer-security","tag-endpoint-protection"],"acf":[],"yoast_head":"\nCVE-2016-0018: DLL Planting Leads to a Remote Code Execution Vulnerability | McAfee Blog<\/title>\n<meta name=\"description\" content=\"DLL planting, also known as DLL side loading, is a popular attack technique today. If we take a look at the list of advisories Microsoft has\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"CVE-2016-0018: DLL Planting Leads to a Remote Code Execution Vulnerability | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"DLL planting, also known as DLL side loading, is a popular attack technique today. If we take a look at the list of advisories Microsoft has\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2016-0018-dll-planting-leads-to-a-remote-code-execution-vulnerability\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2016-04-27T18:39:46+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-05-29T10:11:08+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/CVE_02016_0018_A_Tale_of_a_windows_library_loading.png\" \/>\n\t<meta property=\"og:image:width\" content=\"836\" \/>\n\t<meta property=\"og:image:height\" content=\"224\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"McAfee\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@McAfee\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"McAfee\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2016-0018-dll-planting-leads-to-a-remote-code-execution-vulnerability\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2016-0018-dll-planting-leads-to-a-remote-code-execution-vulnerability\/\"},\"author\":{\"name\":\"McAfee\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/47851fdb92fad9456152405839c92efa\"},\"headline\":\"CVE-2016-0018: DLL Planting Leads to a Remote Code Execution Vulnerability\",\"datePublished\":\"2016-04-27T18:39:46+00:00\",\"dateModified\":\"2025-05-29T10:11:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2016-0018-dll-planting-leads-to-a-remote-code-execution-vulnerability\/\"},\"wordCount\":618,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2016-0018-dll-planting-leads-to-a-remote-code-execution-vulnerability\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/CVE_02016_0018_A_Tale_of_a_windows_library_loading.png\",\"keywords\":[\"computer security\",\"endpoint protection\"],\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2016-0018-dll-planting-leads-to-a-remote-code-execution-vulnerability\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2016-0018-dll-planting-leads-to-a-remote-code-execution-vulnerability\/\",\"name\":\"CVE-2016-0018: DLL Planting Leads to a Remote Code Execution Vulnerability | McAfee Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2016-0018-dll-planting-leads-to-a-remote-code-execution-vulnerability\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2016-0018-dll-planting-leads-to-a-remote-code-execution-vulnerability\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/CVE_02016_0018_A_Tale_of_a_windows_library_loading.png\",\"datePublished\":\"2016-04-27T18:39:46+00:00\",\"dateModified\":\"2025-05-29T10:11:08+00:00\",\"description\":\"DLL planting, also known as DLL side loading, is a popular attack technique today. If we take a look at the list of advisories Microsoft has\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2016-0018-dll-planting-leads-to-a-remote-code-execution-vulnerability\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2016-0018-dll-planting-leads-to-a-remote-code-execution-vulnerability\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2016-0018-dll-planting-leads-to-a-remote-code-execution-vulnerability\/#primaryimage\",\"url\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/CVE_02016_0018_A_Tale_of_a_windows_library_loading.png\",\"contentUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/CVE_02016_0018_A_Tale_of_a_windows_library_loading.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2016-0018-dll-planting-leads-to-a-remote-code-execution-vulnerability\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"CVE-2016-0018: DLL Planting Leads to a Remote Code Execution Vulnerability\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/47851fdb92fad9456152405839c92efa\",\"name\":\"McAfee\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/1ffadfeeda1f4f9e7891a81f27a9ecf4\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/08\/Original-Logo-96x96.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/08\/Original-Logo-96x96.png\",\"caption\":\"McAfee\"},\"description\":\"We're here to make life online safe and enjoyable for everyone.\",\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/x.com\/McAfee\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/mcafee\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"CVE-2016-0018: DLL Planting Leads to a Remote Code Execution Vulnerability | McAfee Blog","description":"DLL planting, also known as DLL side loading, is a popular attack technique today. If we take a look at the list of advisories Microsoft has","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"CVE-2016-0018: DLL Planting Leads to a Remote Code Execution Vulnerability | McAfee Blog","og_description":"DLL planting, also known as DLL side loading, is a popular attack technique today. If we take a look at the list of advisories Microsoft has","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2016-0018-dll-planting-leads-to-a-remote-code-execution-vulnerability\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_author":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2016-04-27T18:39:46+00:00","article_modified_time":"2025-05-29T10:11:08+00:00","og_image":[{"width":836,"height":224,"url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/CVE_02016_0018_A_Tale_of_a_windows_library_loading.png","type":"image\/png"}],"author":"McAfee","twitter_card":"summary_large_image","twitter_creator":"@McAfee","twitter_site":"@McAfee","twitter_misc":{"Written by":"McAfee","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2016-0018-dll-planting-leads-to-a-remote-code-execution-vulnerability\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2016-0018-dll-planting-leads-to-a-remote-code-execution-vulnerability\/"},"author":{"name":"McAfee","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/47851fdb92fad9456152405839c92efa"},"headline":"CVE-2016-0018: DLL Planting Leads to a Remote Code Execution Vulnerability","datePublished":"2016-04-27T18:39:46+00:00","dateModified":"2025-05-29T10:11:08+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2016-0018-dll-planting-leads-to-a-remote-code-execution-vulnerability\/"},"wordCount":618,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2016-0018-dll-planting-leads-to-a-remote-code-execution-vulnerability\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/CVE_02016_0018_A_Tale_of_a_windows_library_loading.png","keywords":["computer security","endpoint protection"],"articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2016-0018-dll-planting-leads-to-a-remote-code-execution-vulnerability\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2016-0018-dll-planting-leads-to-a-remote-code-execution-vulnerability\/","name":"CVE-2016-0018: DLL Planting Leads to a Remote Code Execution Vulnerability | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2016-0018-dll-planting-leads-to-a-remote-code-execution-vulnerability\/#primaryimage"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2016-0018-dll-planting-leads-to-a-remote-code-execution-vulnerability\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/CVE_02016_0018_A_Tale_of_a_windows_library_loading.png","datePublished":"2016-04-27T18:39:46+00:00","dateModified":"2025-05-29T10:11:08+00:00","description":"DLL planting, also known as DLL side loading, is a popular attack technique today. If we take a look at the list of advisories Microsoft has","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2016-0018-dll-planting-leads-to-a-remote-code-execution-vulnerability\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2016-0018-dll-planting-leads-to-a-remote-code-execution-vulnerability\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2016-0018-dll-planting-leads-to-a-remote-code-execution-vulnerability\/#primaryimage","url":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/CVE_02016_0018_A_Tale_of_a_windows_library_loading.png","contentUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/CVE_02016_0018_A_Tale_of_a_windows_library_loading.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2016-0018-dll-planting-leads-to-a-remote-code-execution-vulnerability\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"CVE-2016-0018: DLL Planting Leads to a Remote Code Execution Vulnerability"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/47851fdb92fad9456152405839c92efa","name":"McAfee","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/1ffadfeeda1f4f9e7891a81f27a9ecf4","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/08\/Original-Logo-96x96.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/08\/Original-Logo-96x96.png","caption":"McAfee"},"description":"We're here to make life online safe and enjoyable for everyone.","sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/x.com\/McAfee"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/mcafee\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/49116","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/674"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=49116"}],"version-history":[{"count":2,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/49116\/revisions"}],"predecessor-version":[{"id":214698,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/49116\/revisions\/214698"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=49116"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=49116"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=49116"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=49116"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}