A security feature bypass vulnerability exists in Edge that allows for bypassing Mark of the Web Tagging (MOTW). Failing to set MOTW means a large number Microsoft technologies are bypassed. In web-based attack scenario, an attacker could host malicious website is designed exploit bypass. Alternatively, email or instant message send targeted user specially crafted .url file Additionally, compromised websites accept user-provided content contain However, all cases would have no way force view attacker-controlled content. Instead, convince take action. For example, entice either click link directs attacker's site attachment. The update addresses by correcting how handles tagging.