Attackers might deploy malicious codes through external font files. To prevent this, all external fonts except those that are available in the Windows font directory (%windir%/Fonts) must be blocked.
Severity
Critical
Category
OS Security Hardening
Resolution
Follow the below steps in GPO to resolve the misconfiguration.
Configure the policy value for Computer Configuration >> Administrative Templates >> System >> Mitigation Options >> "Untrusted Font Blocking" to "Enabled" with "Block untrusted fonts and log events" selected in "Mitigation Options".
Does remediation require reboot?
No
Vulnerability Manager Plus tracks security configurations and remediate misconfigurations in your network systems from a centralized console. View a list of all the security misconfigurations detected by Vulnerability Manager Plus.
