locked
EMET 5.5 User Guide or Details on Untrusted Fonts? RRS feed

  • Question

  • I have been unable to find a user guide or an details on what Blocking Untrusted Fonts does in EMET 5.5.  In the details it states "Prevent loading of font files installed outside the system fonts directory." Is this as simple as blocking access to all .FON, .OTF, .TTC, & .TTF files that don't come from %systemroot%\fonts ?
    Wednesday, October 14, 2015 9:12 PM

All replies


  • http://download.microsoft.com/download/4/3/3/43364390-96B1-4820-9BAD-4A71F9A3221A/EMET User Guide.pdf

    Untrusted font mitigation


    Windows 10 added a Blocking Untrusted Fonts feature to protect users from attacks originating from untrusted or attacker-controlled font files (You can learn more about the feature by reading the “Block untrusted fonts in an enterprise” MSDN article. The corresponding EMET mitigation setting can be used to tell the system how to take advantage of this new feature, both system wide or on a per-application basis, similar to how other system-wide mitigations like DEP are configured. Untrusted fonts are any font installed outside of the %windir%/Fonts directory. Blocking untrusted fonts helps prevent both remote (web-based or email-based) and local EOP attacks that can happen during the font file-parsing process.

    Wednesday, October 14, 2015 11:51 PM
  • Block untrusted fonts in an enterprise

    https://technet.microsoft.com/en-us/library/dn985836(v=vs.85).aspx

    Sunday, November 1, 2015 11:58 PM