We help IT Professionals succeed at work.

Is downloading fonts in IE 10 safe?

JDI-IT
JDI-IT asked
on
My organization currently has the "font download" option disabled in the Internet zone of ie10.  I believe this was done to prevent fonts from running malicious code.  I saw that back in 2013 there was a ms security bulletin that addressed the issue.  Would it be a big security risk to enable font downloading at this point?
Comment
Watch Question

Top Expert 2015

Commented:
Fonts are part of html5, much smaller danger than java plugin or flash plugin.
Given later are almost permanently vulnerable and not being patched, a font or 10 will not make significant damage.
Even cleartype was patched once, it does not mean it is no longer vulnerable (and whole IE was swapped like 20 times in meantime, still nowhere close to secure)...
I assume you know all about EMET and IE safe  modes...

Author

Commented:
Thanks for the info gheist!  Yes, we currently have EMET deployed and we've looked into deploying IE in protected mode.
Top Expert 2015
Commented:
so you are doing your best. keep web fonts on and hand on 3rd red switch next to flush and java...