Microsoft Office has long been a favorite delivery mechanism for malicious payloads, used by everyone from pen-testers to nation-state threat actor groups, and for good reason. Widely adopted. Large attack surface. Robust legacy support. These traits have been the source of news headlines for decades. This brings us to 2022. On May 27th, @nao_sec tweeted about a suspicious document pivoting through Microsoft's Support Diagnostic Tool via the 'ms-msdt' scheme. The timing of this in-the-wild discovery coincided with a US holiday, and over the weekend the vulnerability picked up the name "Follina". On May 31st, we saw an official acknowledgment from Microsoft, and the vulnerability was formalized as CVE-2022-30190.