Microsoft implemented a new security feature in Windows 10's November update build that added an option to the operating system to block the loading of untrusted fonts.
The use of fonts has always been problematic in the Windows operating system from a security point of view as bugs in font-handling code could give attackers high-level privileges.
Bulletins such as MS15-078 indicate that the Windows font system is targeted regularly, and one way to mitigate the impact of these attacks was the new untrusted font blocking security feature built-into Windows 10.
I have mentioned the feature when I reviewed the new version of Microsoft EMET, as it shipped with support for it, but it has been likely missed by at least some users, hence this new article.
The security feature needs to be enabled in the Windows Registry, and there for every machine that you want to enable the feature on.
Note: It is highly suggested to set the untrusted font blocking security feature to audit mode first, as you may run into issues with third-party applications after enabling the feature on a machine running Windows 10.
Alternatively, if you are running Microsoft EMET 5.5 on the machine, you may enable the "block untrusted fonts" feature using the application interface.
If you set it to audit mode, all blocked font loading attempts are written to the event log.
Some programs may not load or display correctly after you enable untrusted font blocking in Windows 10. While you may be able to resolve some of the issues directly, for instance by enforcing the use of system fonts in the application, you may run into issues with some apps where that is not an option.
Microsoft added an option to the security feature that enables you to set exceptions for these processes.
Additional information about the blocking of untrusted fonts are available on Microsoft's Technet website.
Side Note: Google enabled the feature individually for its Chrome web browser running on Windows 10 recently according to an Ars Technica report improving security for Chrome users on Windows 10 in the process.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.