From the SANS ISC:
Do not disable IPv6 entirely unless you want to break Windows in interesting ways.
This can only be exploited from the local subnet.
But it may lead to remote code execution / BSOD.
PoC exploit is easy, but actual RCE is hard.
From https://www.microsoft.com/security/blog/2020/10/07/best-practices-for-defending-azure-virtual-machines/: “If you are already allowing RDP access to your Azure VMs from the internet, you should check the configuration of your Network Security Groups. Find any rule that is publishing RDP and look to see if the Source IP Address is a wildcard (*). If that is the case, you should be concerned, and it’s quite possible that the VM could be under brute force attack right now.”
As a mitigation for on-prem servers, you can use duo.com (a vendor that provides two-factor authentication for RDP connections) to protect RDP, and the built-in Microsoft firewall to limit access to certain IP addresses.
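The Network Security Group check quoted above can be scripted. The following is an added example, not code from Microsoft or from the original post: it assumes the rules were exported with `az network nsg list -o json`, and the names `exposed_rdp_rules`, `field_values`, `covers_rdp`, `BASE` and `SAMPLE` are hypothetical. It goes slightly beyond the quoted text by also matching port ranges that contain 3389 and the `0.0.0.0/0` and `Internet` sources.

```python
RDP_PORT = 3389
# "*" is the wildcard the quoted guidance names; treating "0.0.0.0/0" and the
# "Internet" service tag as equally open is an assumption of this example.
OPEN_SOURCES = {"*", "0.0.0.0/0", "internet"}

def field_values(rule, single, plural):
    """Merge the singular and plural forms of an NSG rule field."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def covers_rdp(port_spec):
    """True if a port spec such as '3389', '*' or '3000-4000' includes 3389."""
    spec = str(port_spec).strip()
    lo, _, hi = spec.partition("-")
    try:
        return spec == "*" or int(lo) <= RDP_PORT <= int(hi or lo)
    except ValueError:
        return False

def exposed_rdp_rules(nsgs):
    """Return (nsg, rule, priority) for inbound Allow rules publishing RDP to any source."""
    findings = []
    for nsg in nsgs:
        for rule in nsg.get("securityRules", []):
            kind = tuple((rule.get(k) or "").lower() for k in ("direction", "access"))
            if kind != ("inbound", "allow") or (rule.get("protocol") or "*").lower() not in ("*", "tcp"):
                continue
            sources = field_values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
            ports = field_values(rule, "destinationPortRange", "destinationPortRanges")
            if any(s.lower() in OPEN_SOURCES for s in sources) and any(map(covers_rdp, ports)):
                findings.append((nsg["name"], rule["name"], rule.get("priority")))
    return sorted(findings, key=lambda f: (f[0], f[2] or 0))

# Constructed sample, using the rule field names of `az network nsg list -o json`.
BASE = {"direction": "Inbound", "access": "Allow", "protocol": "Tcp"}
SAMPLE = [
    {"name": "web-nsg", "securityRules": [
        {**BASE, "name": "rdp-any", "priority": 300, "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
        {**BASE, "name": "rdp-office", "priority": 310, "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "3389"}]},
    {"name": "db-nsg", "securityRules": [
        {**BASE, "name": "wide-range", "priority": 200, "sourceAddressPrefixes": ["Internet"], "destinationPortRanges": ["80", "3000-4000"]},
        {**BASE, "name": "deny-rdp", "priority": 400, "access": "Deny", "sourceAddressPrefix": "*", "destinationPortRange": "3389"}]},
]

if __name__ == "__main__":
    print(exposed_rdp_rules(SAMPLE))
```

Each rule is judged on its own; a higher-priority Deny rule that shadows a flagged Allow rule is not taken into account, so confirm findings against the effective rules on the VM's network interface.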
Microsoft has confirmed that they are seeing attacks in the wild: https://twitter.com/msftsecintel/status/1308941504707063808?s=11