this post was submitted on 14 Aug 2024
98 points (100.0% liked)

Cybersecurity

5650 readers
110 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago
MODERATORS
 

Microsoft warned customers this Tuesday to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitation that impacts all Windows systems using IPv6, which is enabled by default.

all 9 comments
sorted by: hot top controversial new old
[–] Omgboom@lemmy.zip 18 points 2 months ago (2 children)

IPV6, which Microsoft has all but required for years now, is now being recommended to be turned off. Lol fucking Microsoft

[–] The_Decryptor@aussie.zone 5 points 2 months ago (1 children)
  1. If your ISP doesn't do IPv6, then you're fine (But should look for a better ISP)
  2. If your ISP does do IPv6, then you should install the patch now (Unless you're not using IPv6 on the LAN, in which case you're fine but get a better router/sysadmin)
  3. If your ISP does do IPv6, but you can't install the patch for whatever reason, only then should you disable IPv6

The problem is people recommend disabling IPv6 for random unrelated reasons (Like gamers claiming it decreases your IPv4 latency), so yeah MS is going to be insistent that users not fiddle with things they don't understand because it's really unlikely they'll go back and restore that config when it doesn't actually help.

[–] Omgboom@lemmy.zip 6 points 2 months ago* (last edited 2 months ago)

The problem is that IPV6 is only half implemented at best. Do you know how many software vendors have "disable IPV6" in their documentation? Because it's a lot. I, as a sysadmin, have no control over that. I can't make these vendors implement IPV6, if they haven't done it yet they clearly aren't in a hurry to. I'm not talking about gamers, I'm talking about niche legacy software and internal proprietary programs, older networked hardware (like door systems) often don't support IPV6. I feel like IPV6 was created because we were running out of IPV4 addresses, and then the world realized we could just NAT everything and stopped caring. I was there Gandalf, I was there 3,000 years ago on 512K day, when the strength of IPV4 failed. Trust me I want nothing more than for IPV6 to work and be universally adopted, but here we are 30 years later

[–] EinfachUnersetzlich@lemm.ee 1 points 2 months ago (1 children)

What? The article specifically says they don't recommend turning it off.

[–] Omgboom@lemmy.zip 1 points 2 months ago

As a mitigation measure for those who can't immediately install this week's Windows security updates, Microsoft recommends disabling IPv6 to remove the attack surface. 

[–] EmperorHenry@infosec.pub 1 points 2 months ago (3 children)

So I guess use a VPN that either doesn't have IPv6 or disable IPv6 in any VPN you have that has that feature

[–] Brkdncr@lemmy.world 4 points 2 months ago

No, just patch,

[–] taladar@sh.itjust.works 3 points 2 months ago

Please stop recommending people disable IPv6 as if that is an optional feature. This only further delays the much needed transition away from IPv4 where we ran out of addresses years ago at this point.