Network: Internet Protocol version 6 (IPv6) source routing must use highest protection level to prevent IP source routing

d5030382-fcd1-4d7c-88e3-f1defebc7cf0

Network: Internet Protocol version 6 (IPv6) source routing must be configured to the highest protection level to prevent IP source routing.

Configuring the system to disable IPv6 source routing protects against spoofing.

Remediation

To fix this, configure the policy value for Computer Configuration >> Administrative Templates >> MSS (Legacy) >> "MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)" to "Highest protection, source routing is completely disabled".

This policy setting requires the installation of the MSS-Legacy custom templates. "MSS-Legacy.admx" and "MSS-Legacy.adml" must be copied to the \Windows\PolicyDefinitions and \Windows\PolicyDefinitions\en-US directories respectively. Files can be found here: https://www.microsoft.com/en-us/download/details.aspx?id=55319 (Templates folder)

Stig: Server: https://www.stigviewer.com/stig/windows_server_2019/2020-06-15/finding/V-93233
Desktop: https://www.stigviewer.com/stig/windows_10/2021-08-18/finding/V-220795