Il y a no "patch". C'est a vulnerability in le protocol, pas a bug in le implementation.
In Windows Server 2003 to 2012 R2 le SSL / TLS protocols are controlled by flags in le registry set at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols.
To disable SSLv3, qui le POODLE vulnerability is concerned with, créez un subkey at le ci-dessus location (if c'est pas déjà present) named SSL 3.0 and, under that, a subkey named Server (if c'est pas déjà present). At this location (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 3.0\Server) créez un DWORD value named Enabled et leave it set at 0.
Disabling SSL 2.0, qui you should aussi be doing, is done le même way, except that you'll be using a key named SSL 2.0 in le ci-dessus registry path.
I n'ont pas tested tous versions, mais Je pense c'est probably safe to assume that a reboot is nécessaire for this change to take effect.
