1. This is not a 0day problem: it is described in a separate RFC, "Rogue IPv6 Router Advertisement Problem Statement," and it appears to have existed since the introduction of IPv6.
2. The author of the document "SLAAC Attack – 0day Windows Network Interception Configuration Vulnerability" considers a scenario in which the network runs only the IPv4 protocol, with no mention of IPv6 or of attacker activity involving the IPv6 protocol.
3. It is a problem from the "Wrong network configuration" category.
An MITM attack carried out by broadcasting Router Advertisement (RA) messages to hosts with IPv6 interfaces is described in the document "SLAAC Attack – 0day Windows Network Interception Configuration Vulnerability." RA is the IPv6 control message used to configure IPv6 interfaces: it can, for instance, supply an IPv6 address, DNS servers and a default gateway, so a host that accepts a rogue RA can be configured to use the attackers' server as the router for the current subnet.
ALL servers are vulnerable (not only Windows servers) where the IPv6 protocol is enabled and where the kernel is compiled with the "accept router advertisement" option.
For Linux servers, IPv6 settings can be checked with the following command:
sysctl -a | grep ipv6
net.ipv6.conf.eth0.accept_ra = 1
net.ipv6.conf.eth0.accept_redirects = 1
net.ipv6.conf.eth0.autoconf = 1
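As an added example (not from the original note or the referenced document), the following POSIX shell function audits that same sysctl output and lists every non-loopback interface that still accepts RAs, ICMPv6 redirects or stateless autoconfiguration; the sample sysctl lines embedded in it are constructed.

```shell
#!/bin/sh
# Added example, not from the original note or the referenced document.
# Audits the net.ipv6.conf.* sysctl keys shown above and reports every
# interface (loopback excluded) that still accepts Router Advertisements,
# ICMPv6 redirects or stateless autoconfiguration. Hardening on Linux
# means setting these keys to 0 (for "all" and "default" as well).

# ra_audit: read "key = value" sysctl lines on stdin and print
# "<iface> <key>" for each risky setting. accept_ra=2 also accepts RAs
# (even with forwarding enabled), so anything other than 0 is reported.
ra_audit() {
    awk -F' *= *' '
        $1 ~ /^net\.ipv6\.conf\.[^.]+\.(accept_ra|accept_redirects|autoconf)$/ && $2 != "0" {
            split($1, p, ".")       # p[4] = interface, p[5] = key
            if (p[4] == "lo") next  # loopback never receives RAs
            print p[4], p[5]
        }'
}

# Constructed sample output: eth0 is still in its default state, eth1 has
# been hardened, lo is noise the audit must ignore.
SAMPLE='net.ipv6.conf.all.accept_ra = 1
net.ipv6.conf.eth0.accept_ra = 1
net.ipv6.conf.eth0.accept_redirects = 1
net.ipv6.conf.eth0.autoconf = 1
net.ipv6.conf.eth1.accept_ra = 0
net.ipv6.conf.eth1.accept_redirects = 0
net.ipv6.conf.eth1.autoconf = 0
net.ipv6.conf.lo.accept_ra = 1'

# check_sample: run the audit over the constructed sample.
check_sample() {
    printf '%s\n' "$SAMPLE" | ra_audit
}

# count_flagged: number of risky settings found in the sample (4 here).
count_flagged() {
    check_sample | grep -c ''
}

# On a real host run:  sysctl -a 2>/dev/null | ra_audit
```

A non-empty result means the host will still honour a rogue RA on that interface; the same filter can be fed the output of a configuration-management run to verify the mitigation took effect.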
Resolution
Possible workarounds are described in the document "SLAAC Attack – 0day Windows Network Interception Configuration Vulnerability" and in the comments on the document:
1. Disable IPv6 on the host.
2. Filter RA messages on each port of the network equipment.
3. Audit the network for IPv6 security, because there can be other problems in addition to those described.