Block programs from loading untrusted fonts in Windows 10

By Martin Brinkmann^[1] on February 5, 2016 in Windows^[2] - Last Update: February 5, 2016 3

Microsoft implemented a new security feature in Windows 10's November update build that added an option to the operating system to block the loading of untrusted fonts.

The use of fonts has always been problematic in the Windows operating system from a security point of view as bugs in font-handling code could give attackers high-level privileges.

Bulletins such as MS15-078^[3] indicate that the Windows font system is targeted regularly, and one way to mitigate the impact of these attacks was the new untrusted font blocking security feature built-into Windows 10.

I have mentioned the feature when I reviewed the new version of Microsoft EMET^[4], as it shipped with support for it, but it has been likely missed by at least some users, hence this new article.

Untrusted fonts blocking

The security feature needs to be enabled in the Windows Registry, and there for every machine that you want to enable the feature on.

1. Tap on the Windows-key, type regedit.exe and hit enter.
2. Confirm the UAC prompt if it is displayed.
3. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\
4. Right-click on Kernel, and select New > QWORD (64-bit) Value and name it MitigationOptions.
5. Double-click on MitigationOptions afterwards and use one of the following values for the feature:
6. To turn it on: 1000000000000
7. To turn it off: 2000000000000
8. To set it to audit mode: 3000000000000

Note: It is highly suggested to set the untrusted font blocking security feature to audit mode first, as you may run into issues with third-party applications after enabling the feature on a machine running Windows 10.

Alternatively, if you are running Microsoft EMET 5.5 on the machine, you may enable the "block untrusted fonts" feature using the application interface.

If you set it to audit mode, all blocked font loading attempts are written to the event log.

1. Tap on the Windows-key, type eventvwr.exe and hit enter.
2. Navigate to Application and Service Logs/Microsoft/Windows/Win32k/Operational.
3. Scroll down to EventID: 260 and review the entries you find there.

Configuring exceptions

Some programs may not load or display correctly after you enable untrusted font blocking in Windows 10. While you may be able to resolve some of the issues directly, for instance by enforcing the use of system fonts in the application, you may run into issues with some apps where that is not an option.

Microsoft added an option to the security feature that enables you to set exceptions for these processes.

1. Tap on the Windows-key, type regedit.exe and hit enter.
2. Confirm the UAC prompt.
3. Navigate to HKEY_LOCAL_MACHINE\ Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
4. Right-click on Image File Execution Options, and select New > Key.
5. Use the full file name of the process that you want to exclude, e.g. winword.exe or firefox.exe, so that the key looks like this HKEY_LOCAL_MACHINE\ Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe.
6. Repeat this for every process you want to exclude.

Additional information about the blocking of untrusted fonts are available on Microsoft's Technet website^[5].

Side Note: Google enabled the feature individually for its Chrome web browser running on Windows 10 recently according to an Ars Technica report^[6] improving security for Chrome users on Windows 10 in the process.

Summary

Article Name

Block programs from loading untrusted fonts in Windows 10

Description

Find out how to block programs from loading untrusted fonts on Microsoft's new Windows 10 operating system.

Author

Martin Brinkmann

Publisher

Ghacks Technology News

Logo

Please share this article

---

About Martin Brinkmann

Martin Brinkmann is a journalist from Germany who founded Ghacks Technology News Back in 2005. He is passionate about all things tech and knows the Internet and computers like the back of his hand. You can follow Martin on Facebook^[7], Twitter^[8] or Google+^[9]

View all posts by Martin Brinkmann →^[10]

You are here: Home > Windows > Block programs from loading untrusted fonts in Windows 10^[12][11]

Ghacks Deals: ZenMate VPN Lifetime Premium Subscription^[13]

Firefox gets a variable release schedule ^[14]

Ghacks Deals

Subscribe / Connect

	Ghacks Technology Newsletter
	Ghacks Daily Newsletter

Advertisement

• Popular^[15]

• Surprise? 40% of Firefox users don't use add-ons^[16] January 6, 2016
• Essential Software 2016: Martin Brinkmann Edition^[17] January 11, 2016
• Windows 10 is a recommended update now^[18] February 2, 2016
• Firefox 44: Find out what is new^[19] January 25, 2016

Advertisement

• Latest^[20]

• Firefox 44:"Ask me every time" cookie option removed^[21] February 5, 2016
• Find public toilets with Flush for Android^[22] February 5, 2016
• Firefox gets a variable release schedule^[23] February 5, 2016
• Block programs from loading untrusted fonts in Windows 10^[24] February 5, 2016
• Ghacks Deals: ZenMate VPN Lifetime Premium Subscription^[25] February 4, 2016

Random Software Review

• Create window clones with OnTopReplica
  ^[26]

Topics

Apple
Development
Facebook
Games
Ghacks
Hardware
Internet
Internet Explorer
Linux
Microsoft
Mobile Computing
Music And Video
Networks
Opera
Security
Tutorials
^{[27][28][29][30][31][32][33][34][35][36][37][38][39][40][41][42]}

Advertisement

References

1. ^{^} Posts by Martin Brinkmann (www.ghacks.net)
2. ^{^} Windows (www.ghacks.net)
3. ^{^} MS15-078 (technet.microsoft.com)
4. ^{^} new version of Microsoft EMET (www.ghacks.net)
5. ^{^} Microsoft's Technet website (technet.microsoft.com)
6. ^{^} according to an Ars Technica report (arstechnica.com)
7. ^{^} Facebook (www.facebook.com)
8. ^{^} Twitter (twitter.com)
9. ^{^} Google+ (plus.google.com)
10. ^{^} View all posts by Martin Brinkmann → (www.ghacks.net)
11. ^{^} Home (www.ghacks.net)
12. ^{^} Windows (www.ghacks.net)
13. ^{^} Ghacks Deals: ZenMate VPN Lifetime Premium Subscription (www.ghacks.net)
14. ^{^} Firefox gets a variable release schedule (www.ghacks.net)
15. ^{^} Popular (www.ghacks.net)
16. ^{^} Surprise? 40% of Firefox users don't use add-ons (www.ghacks.net)
17. ^{^} Essential Software 2016: Martin Brinkmann Ed ition (www.ghacks.net)
18. ^{^} Windows 10 is a recommended update now (www.ghacks.net)
19. ^{^} Firefox 44: Find out what is new (www.ghacks.net)
20. ^{^} Latest (www.ghacks.net)< /li>
21. ^{^} Firefox 44:"Ask me every time" cookie option removed (www.ghacks.net)
22. ^{^} Find public toilets with Flush for Android (www.ghacks.net)
23. ^{^} Firefox gets a variable release schedule (www.ghacks.net)
24. ^{^} Block programs from loading untrusted fonts in Windows 10 (www.ghacks.net)
25. ^{^} Ghacks Deals: ZenMate VPN Lifetime Premium Subscription (www.ghacks.net)
26. ^{^} Create window clones with OnTopReplica (www.ghacks.net)
27. ^{^} Apple (www.ghacks.net)
28. ^{^} Development (www.ghacks.net)
29. ^{^} Facebook (www.ghacks.net)
30. ^{^} Games (www.ghacks.net)
31. ^{^} Ghacks (www.ghacks.net)
32. ^{^} Hardware (www.ghacks.net)
33. ^{^} Internet (www.ghacks.net)
34. ^{^} Int ernet Explorer (www.ghacks.net)
35. ^{^} Linux (www.ghacks.net)
36. ^{^} Microsoft (www.ghacks.net)
37. ^{^} Mobile Computing (www.ghacks.net)
38. ^{^} Music And Video (www.gh acks.net)
39. ^{^} Networks (www.ghacks.net)
40. ^{^} Opera (www.ghacks.net)
41. ^{^} Security (www.ghacks.net)
42. ^{^} Tutorials (www.ghacks.net)

Related Posts To Block programs from loading untrusted fonts in Windows 10

Block programs from loading untrusted fonts in Windows 10 2016-02-05T08:37:00-08:00 Rating: 4.5 Posted by: meyiluse