#Windows TCP/IP

The following workaround may be helpful in your situation. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as they become available even if you plan to leave this workaround in place: **Disable router discovery on IPv6 interface.** You can disable router discovery on the IPv6 interface to prevent attackers from exploiting the vulnerability, with the following PowerShell command: * Set-NetIPInterface -InterfaceIndex \[interface\_index\] -RouterDiscovery Disabled You can disable router discovery on the IPv6 interface to prevent attackers from exploiting the vulnerability, with the following Network Shell (netsh) command: * netsh interface ipv6 set interface \[interface\_name\] routerdiscovery=disabled Please refer to the workaround section of this security bulletin for more information: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-006 **Note:** No reboot is needed after making the change...

Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation: * Systems are not affected if IPv6 is disabled on the target machine.

Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation: Only systems with the IPSec service running are vulnerable to this attack.