diff --git a/README.md b/README.md index 5e46a7c..ea843ba 100644 --- a/README.md +++ b/README.md @@ -60,9 +60,10 @@ let's see the most important: and according to [MS documentation](http://download.microsoft.com/download/4/d/a/4da14f27-b4ef-4170-a6e6-5b1ef85b1baa/[ms-cab].pdf), this value can be 0 -**NOTE1**: Defender now detects the CAB file using the `_IMAGE_DOS_HEADER.e_magic` value as a signature, potentially avoiding -PE files to be embedded in the CAB. Can this signature be bypassed? As observed before, this is a patched vulnerability, -so I'm not planning to release anything more complex than this. Up to the curious reader to develop this further. +**NOTE1**: Defender now detects if the CAB file contains a PE by using the `_IMAGE_DOS_HEADER.e_magic` value as a +signature, potentially avoiding PE files to be embedded in the CAB. Can this signature be bypassed? +I'm not sure but, as observed before, this is a patched vulnerability, so I'm not planning to invest much more time +on this. Up to the curious reader to develop this further. **NOTE2**: Microsoft Patch blocks arbitrary URI schemes, apparently using a blacklist approach (this is just a supposition)
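Review bot: the rewritten NOTE1 still carries the grammatical slip "potentially avoiding PE files to be embedded in the CAB"; "potentially preventing PE files from being embedded in the CAB" reads correctly. Two smaller points on the same lines: "I'm not sure but, as observed before," reads better as "I'm not sure, but as observed before," and since the note says "this is a patched vulnerability" without pointing at the fix, a reference to the relevant patch or advisory next to that sentence would let readers verify which fix is meant, in the same way the MS-CAB specification is already linked a few lines above.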