One of the four vulnerabilities rated “critical” from yesterday’s MS patchday, that is MS10-063, has an interesting “Workarounds” section as for MS Internet Explorer. There it’s stated:
“Disabling the support for the parsing of embedded fonts in Internet Explorer prevents this application from being used as an attack vector.”
which, according to the advisory, should/can be done by setting the “Font Downloading” parameter to “Disable”.
Which is exactly what this document suggests. So taking a preventive approach, once more, might have saved some concerns (“Will we be targeted by this one”) and patch/testing time…
Have a great day,
Enno