CVE-2020-16898 is a remote code execution vulnerability caused by the improper handling of ICMPv6 Router Advertisement packets by Windows TCP/IP stack. Microsoft's recommended workaround is to disable ICMPv6 RDNSS component.
My question is: In my system, I already had TCP/IPv6 unchecked in my network adaptor options, is this an effective mitigation?
Remark 1: Common sense tells me that by disabling IPv6 in the adaptor, the upper layer problematic ICMPv6 RDNSS should not be able to receive maliciously crafted packets. But I cannot be sure, especially with all the fancy functions offered by IPv6, such as Teredo/4in6/ other tunneling methods. If there is any material indicating that this is indeed/not the case, please do share.
Remark 2: I have tested the PoC for causing BSoD (https://github.com/0xeb-bp/cve-2020-16898). The PoC does not work when IPv6 is disabled in adaptor settings. But no tunneling has been configured in my tests.
Remark 3: I know that IPv6 is an essential component for Windows, disabling it could cause components to stop working. But it had been disabled for a long time and I would like to keep it disabled.