CVE-2023-38149

Меры по смягчению последствий

Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:

• Systems are not affected if IPv6 is disabled on the target machine.

Обходное решение

The following workaround may be helpful in your situation. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as they become available even if you plan to leave this workaround in place:

Disable router discovery on IPv6 interface.

You can disable router discovery on the IPv6 interface to prevent attackers from exploiting the vulnerability, with the following PowerShell command:

• Set-NetIPInterface -InterfaceIndex [interface_index] -RouterDiscovery Disabled

You can disable router discovery on the IPv6 interface to prevent attackers from exploiting the vulnerability, with the following Network Shell (netsh) command:

• netsh interface ipv6 set interface [interface_name] routerdiscovery=disabled

Please refer to the workaround section of this security bulletin for more information: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-006

Note:

No reboot is needed after making the change.