So, indeed, this is related to DirectFlex. Specifically, the fontdrvhost.exe process does not seem to like the fact that we inject our FlexHook*.dll (which we do as soon as DirectFlex is enabled -- it does not matter for which Flex config file.)
So, DirectFlex blacklist to the rescue: adding fontdrvhost.exe to the blacklist seems to keep the webfonts working perfectly fine in my test setup. To configure this, create a Blacklist.xml file in ...\General\FlexRepository\DirectFlex folder (which does not exist by default), with the following content:
<?xml version='1.0' encoding='utf-8'?>
<userEnvironmentSettings>
<setting type='blacklist' list='fontdrvhost.exe'/>
</userEnvironmentSettings>
The attachment contains this XML file with the correct folder structure. If you already have this Blacklist.xml file, just update its list attribute by adding |fontdrvhost.exe at the end of the current value (note the '|' (pipe character), which acts as a separator).
As it took me a while to reproduce the issue, I'd highly appreciate it if someone can test this fix. Thanks!
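The create-or-update step described in the post, as an added PowerShell example that is not part of the original post or the product's own tooling. The function name `Add-DirectFlexBlacklistEntry` and its parameters are hypothetical, and the full path of the `...\General\FlexRepository\DirectFlex` folder must be supplied by the caller because the post does not give it.

```powershell
# Added example. $DirectFlexDir is an assumption: pass the full path of the
# ...\General\FlexRepository\DirectFlex folder on your own configuration share.
function Add-DirectFlexBlacklistEntry {
    param(
        [Parameter(Mandatory)] [string] $DirectFlexDir,
        [string] $Process = 'fontdrvhost.exe'
    )

    # The folder does not exist by default, so create it when missing.
    if (-not (Test-Path -LiteralPath $DirectFlexDir)) {
        New-Item -ItemType Directory -Path $DirectFlexDir -Force | Out-Null
    }
    # Resolve to a provider path so the .NET XML calls see an absolute path.
    $dir  = (Resolve-Path -LiteralPath $DirectFlexDir).ProviderPath
    $file = Join-Path $dir 'Blacklist.xml'

    if (-not (Test-Path -LiteralPath $file)) {
        # No existing file: write the content given in the post.
        $content = @"
<?xml version='1.0' encoding='utf-8'?>
<userEnvironmentSettings>
<setting type='blacklist' list='$Process'/>
</userEnvironmentSettings>
"@
        Set-Content -LiteralPath $file -Value $content -Encoding UTF8
        return 'created'
    }

    # Existing file: append to the pipe-separated list attribute.
    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true
    $xml.Load($file)
    $setting = $xml.SelectSingleNode("/userEnvironmentSettings/setting[@type='blacklist']")
    if ($null -eq $setting) {
        throw "No <setting type='blacklist'> element in $file; edit it by hand."
    }

    $entries = @($setting.GetAttribute('list') -split '\|' | Where-Object { $_ -ne '' })
    if ($entries -contains $Process) { return 'unchanged' }  # -contains ignores case

    Copy-Item -LiteralPath $file -Destination "$file.bak" -Force  # keep the previous version
    $setting.SetAttribute('list', (($entries + $Process) -join '|'))
    $xml.Save($file)
    return 'updated'
}
```

The function returns `created`, `updated` or `unchanged`, so it can be re-run safely; entries already on the list are left in place.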