


Block untrusted fonts to keep Network safe in Windows 11/10

Fonts seem innocent when on the computer. Most of the time, we do not even pay attention to the fonts on web pages except when they are too hard on the eyes. But untrusted fonts on web pages may be misused by hackers to compromise your network. This post explains how to block untrusted fonts in Windows 11 and Windows 10.


While working locally, almost all the fonts we use come from the %windir%/fonts folder. That is, the fonts are installed into the Windows fonts folder when Windows or any other application is installed. These are trusted fonts and do not pose any threat. When we encounter such fonts on web pages, they are loaded from the local fonts folder.

But when the fonts on a webpage are not present on our computer (i.e., in the local fonts folder), a copy of that font is loaded into our computer's memory, and that is when a cybercriminal can gain access to your network.

Dangers of untrusted fonts

When a web page uses a font that is already present in the local fonts folder, the browser picks up the font from the local folder to render the webpage. Since the fonts in the local fonts folder are scrutinized by antivirus programs when being installed, they do not pose a threat.

When a website or webpage uses a font that is not present in the local fonts folder, browsers will need "elevated privileges" to load a copy of the font into local memory by downloading it to the computer. Simple downloads are not much of an issue, as antimalware packages will detect if the fonts contain any malware. There is no threat of malware with such fonts. The issue is the "elevated privileges", which can be found and exploited by cybercriminals. If they take control of the browser in such a situation, they are capable of doing much harm not only to the computer but to the network as a whole.

The best method is to prevent browsers from using "elevated privileges", and that can be done in Windows by blocking the fonts that are not present in the local folder. In such cases, the website will be rendered by substituting the untrusted website fonts with trusted fonts from the local folder. This may, however, cause the webpage to render improperly and create problems while printing.

3 states available for untrusted fonts in Windows 11/10

There are three options available to you when it comes to untrusted fonts in Windows 11/10. They are:

  1. Block the fonts
  2. Audit mode: you do not actually block the font, but you keep a log that shows whether untrusted fonts were loaded and, if so, which website and application used them
  3. Exclusion of apps: you can whitelist some of the apps on Windows 10 to use untrusted fonts if you think they won't be a problem; for example, if you whitelist the Word app, it can use third-party fonts originating from the Internet even though you have blocked untrusted fonts

The best method, in my opinion, given the limited number of options, is to block all untrusted fonts and whitelist only those apps that pose less of a threat when downloading fonts to local memory. Compared to browsers, apps like Microsoft Word, Excel, etc. pose less of a threat because when the fonts are downloaded, your anti-malware is triggered, and if it finds anything objectionable, it will give you a message or block the downloaded fonts. Browsers, on the other hand, have a complex architecture (relying on rendering engines and processors, etc.), so even if the antimalware blocks fonts in memory, cybercriminals may still be able to take control of the machine easily.

Block untrusted fonts in Windows in an Enterprise

Using Registry Editor


To block untrusted fonts in Windows 10 and to whitelist apps that can use untrusted fonts, you will have to use the Windows Registry Editor. As of now, there is no graphical user interface that makes it easier for admins. The following explains how to block untrusted fonts in Windows 10.

Press WinKey+R and, in the Run dialog that appears, type regedit and hit the Enter key.

Navigate to:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\

Look for the entry named MitigationOptions. If it is not there, create a QWORD (64-bit) entry and name it MitigationOptions.

There will already be a value for the QWORD entry we created; copy-paste one of the following values before the existing value, so that the existing value sits toward the end of the value we pasted.

  • To turn off untrusted fonts, enter 1000000000000.
  • To run audit mode, enter 3000000000000.
  • To turn it off, enter 2000000000000.

For example, if there is a value of 1000 already in the QWORD we created, it should look like 30000000000001000

Close the registry editor, save work in any other applications that might be open up, and reboot the computer.
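
The value handling in the steps above, as an added PowerShell example that is not part of the original article: it reads MitigationOptions, reports the current font-blocking mode, and computes the value for a new mode while leaving every other bit untouched. It assumes the three values in the list are hexadecimal flags occupying bits 48-49 of the QWORD; the function names and the sample value are constructed for illustration.

```powershell
# Added example; function names are hypothetical, not a Windows API.
# Assumption: the article's three values are hex flags in bits 48-49.
$FontMask  = [uint64]0x3000000000000
$FontModes = [ordered]@{
    Block = [uint64]0x1000000000000   # "turn off untrusted fonts"
    Off   = [uint64]0x2000000000000   # feature explicitly off
    Audit = [uint64]0x3000000000000   # log only, nothing blocked
}

function Get-FontBlockMode([uint64]$Value) {
    $bits = $Value -band $FontMask
    foreach ($name in $FontModes.Keys) {
        if ($FontModes[$name] -eq $bits) { return $name }
    }
    return 'NotConfigured'            # both font bits are clear
}

function Get-FontBlockValue([uint64]$Current, [string]$Mode) {
    if (-not $FontModes.Contains($Mode)) { throw "Unknown mode: $Mode" }
    # Clear the two font bits, keep everything else, then set the new mode.
    $cleared = ($Current -bor $FontMask) -bxor $FontMask
    return $cleared -bor $FontModes[$Mode]
}

# Constructed sample: feature off (0x2000000000000) plus one unrelated bit.
$sample = [uint64]0x2000000000100
'Sample 0x{0:X} is {1}' -f $sample, (Get-FontBlockMode $sample)
'Sample switched to Block: 0x{0:X}' -f (Get-FontBlockValue $sample 'Block')

# Live value: may be stored as REG_QWORD or REG_BINARY; missing entry = 0.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel'
$raw = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).MitigationOptions
$current = if ($raw -is [byte[]] -and $raw.Length -ge 8) {
    [BitConverter]::ToUInt64($raw, 0)  # first 8 bytes, little-endian
} elseif ($null -ne $raw) {
    [uint64]$raw
} else {
    [uint64]0
}
'Current 0x{0:X} is {1}' -f $current, (Get-FontBlockMode $current)
'Value for Audit: 0x{0:X}' -f (Get-FontBlockValue $current 'Audit')
```

The script only reads the registry and prints the value to enter; it does not write anything.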

As mentioned earlier, there may be problems viewing websites or printing when you turn off untrusted fonts. To get around this, it is recommended that you download and install the font manually into the %windir%/fonts folder. That will make it safer to browse the website using that font. Though you can exclude or whitelist apps, it should be done only if you can install the fonts for some reason.

Using Group Policy Editor


If you use Windows 11/10 Enterprise and Windows 11/10 Pro editions, you can make use of the Local Group Policy Editor.

Run gpedit.msc to open the Local Group Policy Editor and navigate to the following setting:

Computer Configuration > Administrative Templates > System > Mitigation Options.

In the right pane, you will see Untrusted Font Blocking. Select Enabled and then choose Block untrusted fonts and log events from the drop-down menu.

This security feature provides a global setting to prevent programs from loading untrusted fonts. Untrusted fonts are any font installed outside of the %windir%\Fonts directory. This feature can be configured to be in 3 modes: On, Off, and Audit. By default, it is Off and no fonts are blocked. If you aren't quite ready to deploy this feature into your organization, you can run it in Audit mode to see if blocking untrusted fonts causes any usability or compatibility issues.

Note: This policy setting could make your Icons & Fonts go missing in IE11.

How to view log of apps accessing untrusted fonts

If you choose the audit method, you will find that none of the untrusted fonts are blocked. Instead, a log will be created that you can use to see which app accessed which untrusted font type, along with where, when, and other details. To view the log, open Windows Event Viewer.

  • Go to Application and Service Logs/Microsoft/Windows/Win32k/Operational.
  • Under EventID: 260, you will find all the log entries related to access of untrusted fonts by different browsers and apps during the runtime of the local computer.

An example of the event log would be as follows:

WINWORD.EXE attempted loading a font that is restricted by font loading policy.

FontType: Memory

FontPath:

Blocked: true

This type of entry would be shown when you have completely blocked untrusted fonts from loading on local computers. It also shows that the download of an untrusted font happened but was blocked by the policy you created using the Windows Registry Editor.

Another example could be:

Iexplore.exe attempted loading a font that is restricted by font loading policy.

FontType: Memory

FontPath:

Blocked: false

In the above case, the untrusted fonts are not blocked, as shown by the entry. It also shows that the browser attempted to download the fonts to local memory and that the font was used.
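
The following added PowerShell example (not from the original article) parses Event ID 260 messages in the format shown above and counts, per application, how many font loads were blocked or allowed, which is the summary you need before moving from audit to block mode. `Convert-FontEvent` is a hypothetical helper, the sample messages are constructed, and the commented line assumes the channel name `Microsoft-Windows-Win32k/Operational` for the log path given earlier.

```powershell
# Added example; Convert-FontEvent is a hypothetical helper name.
function Convert-FontEvent([string]$Message) {
    # Each field is optional: FontPath is empty for in-memory fonts.
    $proc = if ($Message -match '^\s*(\S+) attempted loading a font') { $Matches[1] }
    $type = if ($Message -match 'FontType:\s*(\S+)') { $Matches[1] }
    $path = if ($Message -match 'FontPath:[ \t]*(\S.*)') { $Matches[1].Trim() }
    $blocked = if ($Message -match 'Blocked:\s*(true|false)') { $Matches[1] -eq 'true' }
    [pscustomobject]@{
        Process  = $proc
        FontType = $type
        FontPath = $path
        Blocked  = $blocked
    }
}

# Constructed sample messages in the format of the entries shown above.
$policy  = 'attempted loading a font that is restricted by font loading policy.'
$samples = @(
    "WINWORD.EXE $policy`nFontType: Memory`nFontPath:`nBlocked: true",
    "Iexplore.exe $policy`nFontType: Memory`nFontPath:`nBlocked: false",
    "Iexplore.exe $policy`nFontType: Memory`nFontPath:`nBlocked: false",
    "WINWORD.EXE $policy`nFontType: File`nFontPath: C:\Temp\sample.ttf`nBlocked: true"
)
$events = $samples | ForEach-Object { Convert-FontEvent $_ }

# On a live machine, replace the sample data with the real log:
# $events = Get-WinEvent -FilterHashtable @{
#     LogName = 'Microsoft-Windows-Win32k/Operational'; Id = 260
# } | ForEach-Object { Convert-FontEvent $_.Message }

# Per-application summary: which apps load untrusted fonts, and the outcome.
$events |
    Group-Object Process, Blocked |
    Sort-Object Count -Descending |
    Select-Object Count, Name

# Fonts loaded from disk are candidates for installing into %windir%\Fonts.
$events | Where-Object { $_.FontPath } | Select-Object Process, FontPath -Unique
```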

The above explains untrusted fonts, the dangers posed by untrusted fonts and, finally, how to block untrusted fonts in Windows 11/10. If you have any doubts or anything to add, please comment.

Source: TechNet.


Source: https://www.thewindowsclub.com/block-untrusted-fonts-keep-network-safe-windows-10

Posted by: dinhuponce.blogspot.com
