Microsoft Fixes MotW Zero-Day Malware Delivery Exploit


Microsoft's most recent Patch Tuesday updates fix six zero-day flaws, including one in the Mark-of-the-Web (MotW) security feature that hackers have used to spread malware.

Windows adds the MotW to files that come from untrusted sources, such as email attachments and web browser downloads. When a user tries to open a file carrying the MotW, Windows warns them of the possible danger; in Office, macros are blocked to stop malicious code from executing. There are ways around MotW defenses, though.

Researcher Will Dormann discovered three distinct MotW bypass techniques and alerted Microsoft to them; however, patches have only recently been released, and only for two of the vulnerabilities.
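For defenders who want to see the mark described above, the following is an added example (not code from Microsoft or the researcher) that reads and interprets it. It relies on standard Windows behaviour the article does not spell out: on NTFS the MotW is stored in an alternate data stream named `Zone.Identifier` whose `[ZoneTransfer]` section holds a `ZoneId`. The function names and sample contents are this example's own.

```python
import configparser

# URL security zone numbers as they appear in the ZoneId field.
ZONES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}

def parse_zone_id(stream_text):
    """Return ZoneId from Zone.Identifier text, or None if missing/malformed."""
    # interpolation=None: HostUrl/ReferrerUrl values may contain '%'.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cp.read_string(stream_text.lstrip("\ufeff"))
        return int(cp["ZoneTransfer"]["ZoneId"])
    except (configparser.Error, KeyError, ValueError):
        return None

def read_stream(path):
    """Read a file's Zone.Identifier stream (works on Windows/NTFS only)."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8",
                  errors="replace") as fh:
            return fh.read()
    except OSError:
        return None  # no stream on this file, or not an NTFS volume

def describe(stream_text):
    """Summarise MotW state from stream text (None means no stream)."""
    if stream_text is None:
        return "no MotW"
    zone = parse_zone_id(stream_text)
    if zone is None:
        return "MotW stream present but unreadable"
    label = ZONES.get(zone, "unknown zone")
    flag = "treated as untrusted" if zone >= 3 else "not treated as untrusted"
    return f"ZoneId={zone} ({label}, {flag})"

# Constructed sample stream contents, not taken from real files.
SAMPLES = {
    "invoice.docm": "[ZoneTransfer]\r\nZoneId=3\r\n"
                    "HostUrl=https://example.test/a%20b.docm\r\n",
    "report.xlsx": "[ZoneTransfer]\r\nZoneId=1\r\n",
    "tool.exe": None,           # stream absent
    "odd.zip": "ZoneId=3\r\n",  # malformed: section header missing
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name}: {describe(text)}")
```

On a Windows host, `describe(read_stream(path))` gives the same summary for a real file. A downloaded file that reports "no MotW" will not trigger the warnings or macro blocking described above.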

