Researchers report that new features in the Microsoft Windows operating system that enable IPv6 network access could potentially be exploited in a man-in-the-middle (MITM) attack.
The proof of concept was detailed by security researcher Alec Waters of the Infosec Institute, and shows that the operating system's default protocol settings allow attackers to redirect information without the user's knowledge.
"All these Windows boxes will default connect to the evil router instead of the legitimate router when this parasitic overlay is running. If Microsoft didn't have that configuration by default, it would negate a lot of the effects of the attack," said Jack Koziol, program manager for the InfoSec Institute.
The exploit utilizes the Stateless Address Auto Configuration (SLAAC) standard to reroute data through networks controlled by the attackers, exposing potentially sensitive data.
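SLAAC hosts take their addresses and default route from ICMPv6 Router Advertisements (RFC 4861), so one check a defender can run is to compare the sender of each advertisement against a list of known routers. The sketch below is an added example, not code from the article or the researchers; the allow-list, the sample packet and the function names are assumptions, and it expects a capture tool to supply the source address and the ICMPv6 message bytes.

```python
import ipaddress
import struct

# Assumption: link-local addresses of the routers allowed to advertise on this segment.
TRUSTED_ROUTERS = {ipaddress.IPv6Address("fe80::1")}

# Constructed sample RA: lifetime 1800 s, source MAC option, prefix 2001:db8:1::/64 (L+A set).
SAMPLE_RA = bytes.fromhex(
    "8600000040000708" "0000000000000000"   # ICMPv6 header + RA fields (checksum not verified)
    "0101020000000001"                      # option 1: source link-layer address
    "030440c000278d0000093a8000000000"      # option 3: prefix information
    "20010db8000100000000000000000000")     # ... the advertised prefix


def parse_ra(icmp: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement (type 134, RFC 4861)."""
    if len(icmp) < 16:
        raise ValueError("truncated Router Advertisement")
    msg_type, code, _, _, _, lifetime, _, _ = struct.unpack("!BBHBBHII", icmp[:16])
    if msg_type != 134 or code != 0:
        raise ValueError("not a Router Advertisement")
    ra = {"router_lifetime": lifetime, "mac": None, "prefixes": []}
    pos = 16
    while pos < len(icmp):
        if pos + 2 > len(icmp):
            raise ValueError("truncated option")
        opt_type, opt_len = icmp[pos], icmp[pos + 1] * 8  # length is in 8-byte units
        if opt_len == 0 or pos + opt_len > len(icmp):
            raise ValueError("malformed option length")
        body = icmp[pos:pos + opt_len]
        if opt_type == 1 and opt_len == 8:
            ra["mac"] = body[2:8].hex(":")
        elif opt_type == 3 and opt_len == 32:
            net = ipaddress.IPv6Network((body[16:32], body[2]), strict=False)
            ra["prefixes"].append({"prefix": str(net), "autonomous": bool(body[3] & 0x40)})
        pos += opt_len
    return ra


def check_ra(src: str, icmp: bytes) -> list:
    """Return findings for an RA received from `src`; an empty list means the sender is listed."""
    if ipaddress.IPv6Address(src) in TRUSTED_ROUTERS:
        return []
    ra, findings = parse_ra(icmp), []
    if ra["router_lifetime"] > 0:
        findings.append(f"unlisted router {src} (MAC {ra['mac']}) offers itself as default router")
    findings += [f"unlisted router {src} advertises SLAAC prefix {p['prefix']}"
                 for p in ra["prefixes"] if p["autonomous"]]
    return findings
```

The check only reports advertisements whose source address is not on the list; it does not authenticate the sender.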
Linux and FreeBSD are immune to the method, but OS X on Macs may also be vulnerable to the attack, though researchers have not yet tested the theory on that operating system.
While there are tools to prevent traffic redirection attacks using the Address Resolution Protocol, so far there is no reliable way to detect and defend against rerouting via SLAAC attacks.
The one saving grace thus far is that, in order to carry out the exploit, attackers would need to successfully install some hardware on the target network. Given the increasing number of incidents related to insider threats, however, such an event is probable.
"Microsoft is aware of discussions in the security community concerning the possibility of using IPv6 network protocols to undertake a 'man in the middle' attack on a target network. The attack method described would require that a would-be attacker have physical access to the targeted network in order to install a tainted router - a situation that does not provide a security boundary," said the group manager in Microsoft's Trustworthy Computing group, Bruce Cowper.