* [Blog](https://www.paloaltonetworks.com.au/blog) * [Security Operations](https://www.paloaltonetworks.com.au/blog/security-operations/) * [Must-Read Articles](https://www.paloaltonetworks.com.au/blog/security-operations/category/must-read-articles/) * Prevention, Hunting and P... # Prevention, Hunting and Playbooks for MSDT Zero-Day (CVE-2022-30190) [](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2Fsecurity-operations%2Fprevention-hunting-and-playbooks-for-msdt-zero-day-cve-2022-30190%2F) [](https://twitter.com/share?text=Prevention%2C+Hunting+and+Playbooks+for+MSDT+Zero-Day+%28CVE-2022-30190%29&url=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2Fsecurity-operations%2Fprevention-hunting-and-playbooks-for-msdt-zero-day-cve-2022-30190%2F) [](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2Fsecurity-operations%2Fprevention-hunting-and-playbooks-for-msdt-zero-day-cve-2022-30190%2F&title=Prevention%2C+Hunting+and+Playbooks+for+MSDT+Zero-Day+%28CVE-2022-30190%29&summary=&source=) [](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com.au/blog/security-operations/prevention-hunting-and-playbooks-for-msdt-zero-day-cve-2022-30190/&ts=markdown) \[\](mailto:?subject=Prevention, Hunting and Playbooks for MSDT Zero-Day (CVE-2022-30190)) Link copied By [Cortex XDR Research Team](https://www.paloaltonetworks.com/blog/author/cortex/?ts=markdown "Posts by Cortex XDR Research Team") Jun 01, 2022 6 minutes [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown) [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown) [Cortex XDR](https://www.paloaltonetworks.com/blog/tag/cortex-xdr/?ts=markdown) [Cortex XSOAR](https://www.paloaltonetworks.com/blog/tag/cortex-xsoar/?ts=markdown) [CVE-2022-30190](https://www.paloaltonetworks.com/blog/tag/cve-2022-30190/?ts=markdown) [Follina](https://www.paloaltonetworks.com/blog/tag/follina/?ts=markdown) [SOAR](https://www.paloaltonetworks.com/blog/tag/soar-2/?ts=markdown) [Threat Hunting](https://www.paloaltonetworks.com/blog/tag/threat-hunting/?ts=markdown) [zero-day](https://www.paloaltonetworks.com/blog/tag/zero-day/?ts=markdown) Written by **Eli Birkan, Gal De Leon,** and **Niv DavidPur** ## Understand How Cortex XDR and Cortex XSOAR Protect Organizations Against Follina Zero-Day Exploits In the last few days, a zero-day abusing Microsoft Support Diagnostic Tool (MSDT) protocol handler was caught being exploited in the wild. The zero-day vulnerability, dubbed Follina, was discovered by accident after a researcher [found](https://twitter.com/nao_sec/status/1530196847679401984) a malicious Microsoft Word document [submitted to VirusTotal](https://www.virustotal.com/gui/file/4a24048f81afbe9fb62e7a6a49adbd1faf41f266b5f9feecdceb567aec096784/detection) from an IP address in Belarus. Further analysis revealed that the malicious document abuses a zero day vulnerability in Word to execute a PowerShell payload. Soon after the malicious document was shared, multiple security researchers successfully reproduced the exploit on Microsoft Office 2003 through the current version (https://github.com/chvancooten/follina.py). Additional analysis showed that similar files [dating back](https://twitter.com/fstenv/status/1531233159412596737) to April 2022 were observed in Russia-Ukraine cyber activity. ## How Does the Vulnerability Work? CVE-2022-30190 is a zero-day vulnerability in the MSDT component. At the time of writing, a patch does not exist for this vulnerability; a proof-of-concept exploit is publicly available, and Microsoft reported it is being actively exploited in the wild. Using this vulnerability, attackers can run malicious code on the victim's endpoint through malformed MS Office documents. The vulnerability is similar to CVE-2021-40444 but abuses the MSDT protocol handler (ms-msdt) to achieve remote code execution (RCE). Our researchers analyzed multiple samples of this exploit and observed the following behaviors: 1. When the malicious document is opened, Microsoft Office downloads an HTML file from a remote server and executes it. Alternative vectors of attack could also work with Internet Explorer, Microsoft Edge, and even PowerShell's "wget" command. 2. The HTML file contains JavaScript code that uses MSDT protocol handler. ![(Figure 1 - ms-msdt protocol handler definition in registry)](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/06/word-image-2.png) *(Figure 1 - ms-msdt protocol handler definition in registry)* 3. Using the ms-msdt protocol handler, the attacker is able to control the arguments passed to msdt.exe, which is spawned by winword.exe. 4. Msdt.exe runs the [troubleshooting pack](https://docs.microsoft.com/en-us/previous-versions/windows/desktop/wintt/running-the-troubleshooting-package) for Program Compatibility Wizard (PCW), which executes the script 'C:\\Windows\\diagnostics\\system\\PCW\\**TS\_ProgramCompatibilityWizard.ps1**' in the context of sdiagnhost.exe. That script gets one of its arguments, IT\_BrowseForFile, directly from msdt.exe's command line which is controlled by the attacker. ![(Figure 2 - Snippet from TS\_ProgramCompatibilityWizard.ps1 that fetches IT\_BrowseForFile parameter)](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/06/word-image-3.png) *(Figure 2 - Snippet from TS\_ProgramCompatibilityWizard.ps1 that fetches IT\_BrowseForFile parameter)* 5. After some validation on the contents of "IT\_BrowseForFile" argument, TS\_ProgramCompatibilityWizard.ps1 calls **Update-DiagRootCause** cmdlet to set the diagnosis root cause. That cmdlet gets the forged argument in the "TARGETPATH" parameter. ![(Figure 3 - Passing parameters to Update-DiagRootCause cmdlet)](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/06/word-image-4.png) *(Figure 3 - Passing parameters to Update-DiagRootCause cmdlet)* 6\*\*. Update-DiagRootCause\*\*then calls RecordRootcause, which triggers another script execution from msdt.exe to sdiagnhost.exe in Rootcause::Resolve. ![(Figure 4 - Update-DiagRootCause in sdiagnhost.exe calls RecordRootcause)](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/06/word-image-5.png) *(Figure 4 - Update-DiagRootCause in sdiagnhost.exe calls RecordRootcause)* 7. The sdiagnhost.exe application executes 'C:\\Windows\\diagnostics\\system\\PCW\\**RS\_ProgramCompatibilityWizard.ps1** ' script. Before the script is executed, PowerShell's engine **evaluates** the value of TARGETPATH parameter as a valid PowerShell statement, which essentially **allows command injection** and execution of arbitrary PowerShell code. ![(Figure 5 - malicious args passed by Rootcause::Resolve in msdt.exe)](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/06/word-image-6.png) *(Figure 5 - malicious args passed by Rootcause::Resolve in msdt.exe)* 8. Any malicious activity on the machine will be spawned by sdiaghost.exe. Cortex XDR Agent 7.5 (and above) prevents this threat with the Behavioral Threat Protection module (starting from content version 540-92526) with the following alert: **Alert Name:** *CVE Exploitation - 3609678030* **Description:** *Follina variant - Behavioral threat detected (rule: msdt\_exploit)* ## Hunting for This Attack in Your Environment You can hunt for this attack using XQL Search in Cortex XDR. **// office processes spawning msdt.exe** config case\_sensitive = false timeframe = 30d | dataset = xdr\_data | filter event\_type = ENUM.PROCESS and action\_process\_image\_command\_line contains "msdt.exe" and actor\_process\_image\_name in ("winword.exe", "powerpnt.exe", "excel.exe", "msaccess.exe","visio.exe","onenote.exe","powershell.exe") | fields agent\_hostname , action\_process\_image\_command\_line , action\_process\_image\_path , actor\_process\_command\_line , actor\_process\_image\_path , causality\_actor\_process\_image\_path **// msdt.exe execution with suspicious argument** config case\_sensitive = false timeframe = 30d | dataset = xdr\_data | filter event\_type = ENUM.PROCESS and action\_process\_image\_command\_line contains "msdt.exe" and action\_process\_image\_command\_line contains "it\_browseforfile" | fields agent\_hostname , action\_process\_image\_command\_line , action\_process\_image\_path , actor\_process\_command\_line , actor\_process\_image\_path , causality\_actor\_process\_image\_path ## How Cortex XSOAR Can Help Our mission has been to help our customers automate security operations as much as possible -- a key part of staying ahead of today's automated attackers. To help with this, we provide playbooks for specific types of response, maintain an ecosystem where others can contribute playbooks as well, and we advise our customers to add our playbooks to their SecOps process to automate what they can. For this attack and many others, organizations can leverage the power of automation with Cortex XSOAR to help speed up the discovery and remediation of compromised hosts within the network. XSOAR automated playbooks aid in unifying threat feed ingestion, indicator enrichment, and incident management workflows, helping your team respond to attacks at machine speed. The ["CVE-2022-30190 - MSDT RCE"](https://xsoar.pan.dev/marketplace/details/CVE_2022_30190) playbook includes the following tasks: * Collect detection rules. * Exploitation patterns hunting using Cortex XDR - XQL Engine and 3rd party SIEM products. * Cortex XDR BIOCs coverage. * Microsoft workarounds and detection capabilities. ![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/06/word-image-8.png) *(Figure 6 - "CVE-2022-30190 - MSDT RCE" playbook)* ## **Conclusion** The Follina MSDT code execution vulnerability is a critical vulnerability that enables remote code execution with the same privileges as the calling application. We recommend following Microsoft's guidance to protect your organization until a patch is issued. Once a patch is released by Microsoft, we recommend installing the patch on all affected systems. You can also rely on Cortex XDR and Cortex XSOAR to hunt for and block attacks associated with the MSDT code execution vulnerability. Cortex XDR Agent 7.5 and higher (with content version 540-92526) prevents attempts to exploit this vulnerability with the Behavioral Threat Protection. In addition, Cortex XDR lets you hunt for signs of attack in your environment. Cortex XSOAR automated playbooks help your team respond to attacks quickly by unifying threat feed ingestion, indicator enrichment, and incident management workflows. **Want to learn more about Cortex XDR and Cortex XSOAR? Visit the [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr) and [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar) web pages.** ## References: * [Threat Brief: CVE-2022-30190 -- MSDT Code Execution Vulnerability](https://unit42.paloaltonetworks.com/cve-2022-30190-msdt-code-execution-vulnerability/) * [Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability -- Microsoft Security Response Center](https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/) * [Security Update Guide - Microsoft](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190) * [Using Cortex XSOAR to Deal With MSHTML Zero-Day Vulnerability (CVE-2021-40444) | Palo Alto Networks](https://live.paloaltonetworks.com/t5/blogs/using-cortex-xsoar-to-deal-with-mshtml-zero-day-vulnerability/ba-p/433852) *** ** * ** *** ## Related Blogs ### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown) [#### Remediating PrintNightmare (CVE-2021-1675) Using Cortex XSOAR](https://www.paloaltonetworks.com.au/blog/security-operations/remediating-printnightmare-cve-2021-1675-using-cortex-xsoar/) ### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown) [#### Deloitte's Cloud Migration Success: Transforming SecOps with Cortex XSOAR](https://www.paloaltonetworks.com.au/blog/security-operations/deloittes-cloud-migration-success-transforming-secops-with-cortex-xsoar/) ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown) [#### Cortex XSOAR Ranked #1 for SOC Automation](https://www.paloaltonetworks.com.au/blog/security-operations/cortex-xsoar-ranked-1-for-soc-automation/) ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown) [#### What's Next in Cortex - New Wave of Innovations in Cortex (June 2024 Release)](https://www.paloaltonetworks.com.au/blog/security-operations/whats-next-in-cortex-new-wave-of-innovations-in-cortex-june-2024-release/) ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown) [#### Forrester Names Palo Alto Networks a Leader in XDR](https://www.paloaltonetworks.com.au/blog/2024/06/forrester-names-palo-alto-networks-a-leader-in-xdr/) ### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown) [#### Unveiling the Power of Automation for MSSPs](https://www.paloaltonetworks.com.au/blog/security-operations/unveiling-the-power-of-automation-for-mssps/) ### Subscribe to Security Operations Blogs! Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more. ![spinner](https://www.paloaltonetworks.com.au/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up Please enter a valid email. By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder. This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply. {#footer} {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language