<div>
Fonts are part of html5, much smaller danger than java plugin or flash plugin. <br />
Given later are almost permanently vulnerable and not being patched, a font or 10 will not make significant damage.<br />
Even cleartype was patched once, it does not mean it is no longer vulnerable (and whole IE was swapped like 20 times in meantime, still nowhere close to secure)... <br />
I assume you know all about EMET and IE safe &nbsp;modes...
</div>


Fonts are part of html5, much smaller danger than java plugin or flash plugin.
Given later are almost permanently vulnerable and not being patched, a font or 10 will not make significant damage.
Even cleartype was patched once, it does not mean it is no longer vulnerable (and whole IE was swapped like 20 times in meantime, still nowhere close to secure)...
I assume you know all about EMET and IE safe  modes...

<div>
Thanks for the info gheist! &nbsp;Yes, we currently have EMET deployed and we've looked into deploying IE in protected mode.
</div>


Thanks for the info gheist!  Yes, we currently have EMET deployed and we've looked into deploying IE in protected mode.

<div>
<div class="content wysiwyg-content">
My organization currently has the &quot;font download&quot; option disabled in the Internet zone of ie10. &nbsp;I believe this was done to prevent fonts from running malicious code. &nbsp;I saw that back in 2013 there was a ms security bulletin that addressed the issue. &nbsp;Would it be a big security risk to enable font downloading at this point?
</div>
</div>


My organization currently has the "font download" option disabled in the Internet zone of ie10.  I believe this was done to prevent fonts from running malicious code.  I saw that back in 2013 there was a ms security bulletin that addressed the issue.  Would it be a big security risk to enable font downloading at this point?

Is downloading fonts in IE 10 safe?

Web browsers are applications used primarily to display documents, files and media from the Internet, identified by a Uniform Resource Identifier (URI) that can be a page, image, video or other file. Some browsers require the use of add-ons or extensions to safely render the information they receive; others have systems built into them to perform the same functions.