8.3.15 Set 'Allow font downloads' to 'Enabled:Disable'

Information



This policy setting allows you to manage whether pages of the zone may download HTML
fonts. The recommended state for this setting is: Enabled: Disable.

Rationale

It is possible that a font could include malformed data that would cause Internet Explorer
to crash when it attempts to load and render the font.

Solution

To establish the recommended configuration via Group Policy, set the following UI path to
Enabled.

Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow font downloads

Then set the Allow font downloads option to Disable.

Impact

If you enable this policy setting, HTML fonts can be downloaded automatically. If you
enable this policy setting and Prompt is selected in the drop-down box, users are queried
whether to allow HTML fonts to download. If you disable this policy setting, HTML fonts
are prevented from downloading.

Default Value

Disabled

See Also

https://workbench.cisecurity.org/files/1518

Item Details

Audit Name: CIS IE 11 v1.0.0

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-18(3)

Plugin: Windows

Control ID: dbd868a68b4cd0f9433051be9daa7a6d5864478139c722512948a905a36c527a