Now this is an interesting one. Windows IPv6 has a default configuration that allows for network takeover. An excerpt is below:

A dormant IPv6 feature is a backdoor for Windows attackers, security researchers warn. Enabled by default, if unused and left unchecked, it can lead to a complete domain compromise.

IPv6 might not be widely used, but Windows enables it by default and prioritizes it over the older IPv4 version, which has very serious security repercussions. If hackers have access to a single device on the network, even an IoT one, they can transform it into a fake configuration and DNS server. Windows computers will trust and prefer malicious instructions over the existing IPv4 configuration. Resecurity, a cybersecurity firm, warns that this allows attackers to hijack a computer’s connections: redirect users to malicious websites, intercept credentials, and, ultimately, seize the entire network. Previously, the DNS takeover technique was also detailed by VK9 Security and other network defenders.

Hackers can abuse IPv6 to hijack networks

The researchers have detailed how attackers can achieve a complete domain compromise: a total takeover of what can be described as the corporate security nerve center.

And attackers only need minutes to perform the attack.

“By combining rogue DHCPv6 responses, DNS poisoning, WPAD abuse, and NTLM relay, attackers can stealthily escalate from unauthenticated network access to full Domain Admin control in a matter of minutes,” the Resecurity report reads.

So in its default state, Windows is an easy target in a network environment. This also means any Windows machine directly on the internet is even more vulnerable to attack. There are options to protect your internal network as well as any remote assets. Contact us for an evaluation of your assets and networks.
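
One way to watch for the rogue DHCPv6 server described in the excerpt, as an added example (not code from Resecurity or the quoted article): parse DHCPv6 server messages and flag any Advertise or Reply whose server DUID or DNS servers are not on an allowlist. It assumes the UDP payloads come from a sensor capturing ports 546/547; the function names and the sample packet are constructed for illustration.

```python
import ipaddress
import struct

ADVERTISE, REPLY = 2, 7                 # server-to-client message types (RFC 8415)
OPT_SERVERID, OPT_DNS_SERVERS = 2, 23   # option codes (RFC 8415, RFC 3646)

def parse_dhcpv6(payload: bytes) -> dict:
    """Extract message type, server DUID and advertised DNS servers."""
    if len(payload) < 4:
        raise ValueError("truncated header")
    msg = {"type": payload[0], "server_duid": None, "dns": []}
    off = 4                             # skip msg-type (1) + transaction-id (3)
    while off < len(payload):
        if off + 4 > len(payload):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", payload, off)
        data = payload[off + 4:off + 4 + length]
        if len(data) != length:
            raise ValueError("option overruns packet")
        off += 4 + length
        if code == OPT_SERVERID:
            msg["server_duid"] = data.hex()
        elif code == OPT_DNS_SERVERS:
            if length % 16:
                raise ValueError("malformed DNS option")
            msg["dns"] = [str(ipaddress.IPv6Address(data[i:i + 16])) for i in range(0, length, 16)]
    return msg

def rogue_findings(src, payload, allowed_duids, allowed_dns):
    """Return reasons a server message looks unauthorized (empty list = clean)."""
    try:
        msg = parse_dhcpv6(payload)
    except ValueError as exc:
        return [f"{src}: malformed DHCPv6 ({exc})"]
    if msg["type"] not in (ADVERTISE, REPLY):
        return []                       # client traffic does not indicate a server
    out = []
    if msg["server_duid"] not in allowed_duids:
        out.append(f"{src}: unapproved server DUID {msg['server_duid']}")
    out += [f"{src}: unapproved DNS server {d}" for d in msg["dns"] if d not in allowed_dns]
    return out

def _opt(code, data):                   # helper to build the constructed sample
    return struct.pack("!HH", code, len(data)) + data

# Constructed sample (not a real capture): an Advertise on a network with no DHCPv6.
SAMPLE_ADVERTISE = (bytes([ADVERTISE]) + b"\x01\x02\x03"
                    + _opt(OPT_SERVERID, bytes.fromhex("000300010200deadbeef"))
                    + _opt(OPT_DNS_SERVERS, ipaddress.IPv6Address("fe80::1234").packed))
print(rogue_findings("fe80::1234", SAMPLE_ADVERTISE, set(), set()))
```

On a network that runs no DHCPv6 at all, both allowlists stay empty and every server message is a finding.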
