Microsoft Patches MotW Zero-Day Exploited for Malware Delivery



Windows adds the Mark of the Web (MotW) to files coming from untrusted locations, including browser downloads and email attachments. When users try to open files carrying the MotW, they are warned about the potential risks or, in the case of Office, macros are blocked to prevent malicious code execution.

However, there are ways to bypass MotW defenses. Researcher Will Dormann has identified three different MotW bypass methods and informed Microsoft about them over the summer, but patches were only rolled out now, and only for two of the vulnerabilities. The techniques work against all or most versions of Windows.
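For defenders auditing whether downloaded files still carry the mark described above, the following added example (not from the article or from Microsoft) parses the tag and classifies a file. It relies on details the article does not state: Windows stores the MotW in an NTFS alternate data stream named `Zone.Identifier`, with a `[ZoneTransfer]` section and a `ZoneId` field; the function names, status labels and sample data are this example's own.

```python
import configparser
import sys

# Windows URL security zones as stored in the ZoneId field.
ZONES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}

# Constructed sample of the stream a browser writes alongside a download.
SAMPLE_DOWNLOAD = ("[ZoneTransfer]\r\nZoneId=3\r\n"
                   "ReferrerUrl=https://example.test/\r\n"
                   "HostUrl=https://example.test/invoice.zip\r\n")


def parse_motw(stream_text):
    """Return (zone_id, host_url) from Zone.Identifier text; ValueError if malformed."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    try:
        cp.read_string(stream_text.lstrip("\ufeff"))
        section = cp["ZoneTransfer"]
        return int(section["ZoneId"]), section.get("HostUrl")
    except (configparser.Error, KeyError) as exc:
        raise ValueError(f"malformed Zone.Identifier: {exc}") from exc


def classify(stream_text):
    """Map stream text (None when the stream is absent) to an audit status."""
    if stream_text is None:
        return "no-mark"  # Windows shows no MotW warning for this file
    try:
        zone_id, _ = parse_motw(stream_text)
    except ValueError:
        return "malformed"
    # Zones 3 (Internet) and 4 (Restricted Sites) are the untrusted ones.
    return "marked-untrusted" if zone_id >= 3 else "marked-trusted"


def read_stream(path):
    """Read the mark from an NTFS alternate data stream (Windows only)."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except FileNotFoundError:
        return None


if __name__ == "__main__":
    for target in sys.argv[1:]:
        print(f"{classify(read_stream(target)):17} {target}")
```

Run on Windows against files in a download or attachment folder; an archive or container that arrived from the internet and reports `no-mark` is worth a closer look.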
