8.1.3 Set 'Allow font downloads' to 'Enabled:Disable'

Information

*Description*

This policy setting allows you to manage whether pages of the zone may download HTML
fonts. The recommended state for this setting is- Enabled-Disable.

*Rationale*

It is possible that a font could include malformed data that would cause Internet Explorer
to crash when it attempts to load and render the font.

Solution

To implement the recommended configuration state, set the following Group Policy setting
to Enabled.

Computer Configuration\Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone\Allow font downloads\Allow
font downloads

Then set the Allow font downloads option to Disable.

Impact-If you enable this policy setting, HTML fonts can be downloaded automatically. If you
enable this policy setting and Prompt is selected in the drop-down box, users are queried
whether to allow HTML fonts to download. If you disable this policy setting, HTML fonts
are prevented from downloading.

See Also

https://workbench.cisecurity.org/files/1516

Item Details

Audit Name: CIS IE 9 v1.0.0

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-18(3)

Plugin: Windows

Control ID: ab803781bf9db57fafa91e3b34d37164b4e7efb2da90177ae34b7f117fd0b4c6