I'm all for IPv6 (hey, Reg, how's that new IPv6 access to the website coming along for the last.... 12 years now?).
But why is it enabled on any system where it's not in active use (i.e. one where you don't have an IPv6 router, gateway, or other setup)?
Surely, just basic IT management should tell you that something that's not in active use on your internal network should be DISABLED if for no other reason than to reduce your attack surface area?
I have nothing against anyone using it - it's perfectly simple to manage and all my personal sites and services use it (but my ISP doesn't support it).
But unless your internal network is IPv6 numbered, or you have to access an IPv6-only service... why is it enabled?
And even in the latter case, why is the GATEWAY not just doing the 4->6 translation and you just access the gateway as per normal? Almost every ordinary business is behind a NAT gateway already, it's the perfect barrier to externally-triggerable and technical issues like this.
IPv6 gets a bad rap, but not because of its security (this is a poor IMPLEMENTATION, not a flaw in the protocol itself), it's because everyone insisted - at one point - that we have to use it for everything, by default, make all internal systems use it (when that really doesn't matter) and abandon NAT forever (which is never going to happen even in an exclusively IPv6 world).
And this is why. Because on an internal network with no need for IPv6, you're now exposed and vulnerable to a range of bugs in a protocol you didn't want, didn't explicitly enable, and which was "on by default", which nobody wanted.
There's a reason that for 20 years I've been disabling the IPv6 protocols on my personal home devices, and on the networks I manage. I don't need it. And it just presents another hole to attackers. On Windows I unbind the protocol from network adaptors, on Linux I have to jump through sysctl hoops.
When I want it (e.g. my web server, email server, NTP server, etc.) then I will enable it and configure it myself.
As yet, operating entire IPv4-only networks with thousands of clients for 25+ years has had zero implications. When it does, then I will research, enable and configure appropriately. Not you, Microsoft. Not you, Ubuntu. You don't get to decide that for me.
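The "sysctl hoops" the commenter mentions for Linux, as an added example that is not part of the comment above: a small POSIX shell script that emits the persistent sysctl settings which switch IPv6 off for all present and future interfaces, and an audit function that reads `sysctl -a`-style output and reports which interfaces still have the protocol enabled. The sample sysctl output embedded in the script is constructed; the file path `/etc/sysctl.d/99-disable-ipv6.conf` and the `apply` argument are choices made for this example, not anything from the page.

```shell
#!/bin/sh
# Added example: audit and persistently disable IPv6 on Linux via sysctl.
# Assumes a standard Linux kernel sysctl tree (net.ipv6.conf.*).

# Sysctl lines that disable IPv6 on every existing interface ("all") and on
# any interface created later ("default"). Written to /etc/sysctl.d so the
# setting survives reboots; "sysctl --system" reloads it immediately.
ipv6_disable_conf() {
    cat <<'EOF'
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
EOF
}

# Reads "sysctl -a"-style lines on stdin and prints the name of each real
# interface whose disable_ipv6 flag is still 0. The "all" and "default"
# pseudo-entries are skipped because they are policy knobs, not interfaces.
# Field split: "net.ipv6.conf.eth0.disable_ipv6 = 0" ->
#   $1=net $2=ipv6 $3=conf $4=eth0 $5=disable_ipv6 $6=0
ipv6_enabled_ifaces() {
    awk -F'[. =]+' '
        $1 == "net" && $2 == "ipv6" && $3 == "conf" &&
        $5 == "disable_ipv6" && $6 == "0" &&
        $4 != "all" && $4 != "default" { print $4 }
    '
}

# Audit the running kernel (read-only, no privileges needed on most systems).
live_ipv6_enabled_ifaces() {
    sysctl -a 2>/dev/null | ipv6_enabled_ifaces
}

# Constructed sample of what "sysctl -a" might show on a host where IPv6 was
# left on by default: two real interfaces still enabled, loopback already off.
SAMPLE_SYSCTL='net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.eth0.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.wlan0.disable_ipv6 = 0'

# Run the audit over the constructed sample and return the enabled interfaces
# as a single space-separated line (e.g. "eth0 wlan0").
demo_audit() {
    printf '%s\n' "$SAMPLE_SYSCTL" | ipv6_enabled_ifaces | tr '\n' ' ' | sed 's/ $//'
}

case "${1:-}" in
    apply)
        # Persist the setting and load it now. Needs root.
        ipv6_disable_conf > /etc/sysctl.d/99-disable-ipv6.conf
        sysctl --system >/dev/null
        echo "IPv6 disabled; interfaces still enabled: $(live_ipv6_enabled_ifaces | tr '\n' ' ')"
        ;;
    audit)
        live_ipv6_enabled_ifaces
        ;;
    *)
        echo "sample audit (constructed data): $(demo_audit)"
        ;;
esac
```

Running the script with no arguments only exercises the constructed sample; `audit` reads the live kernel state, and `apply` writes the drop-in file and reloads sysctl. Note that `sysctl -a` prints VLAN-style interface names with `/` in place of `.` (so `eth0/100`), which the field split above handles as a single interface name, and that `disable_ipv6` covers the in-kernel stack only: a host that also needs the protocol gone from userland services (a listening daemon bound to `::`) has to be reconfigured separately.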