I am trying to determine if v 2.0 of MS14-066 is necessary to stem the
vulnerability for Win2K8R2 and Win2012. We just got the first version with
KB2992611 installed and now MS says that to have the install completed I must
also install KB3018238. Fair enough. MS screwed up and now I need to patch
the patch.
But here is my issue. It is not clearly stated whether the vulnerability was
already resolved and
KB3018238 is just to fix the TLS cyphers. (That is my interpretation).
Upper management does not react well to URGENT patches that take down servers
across the environment. To do it twice in one week, not cool MS. Are you
listening? If I am not experiencing the cypher issue, I'll add the second
patch, but on my regular schedule. Give me the information to make an informed
decision.
Sorry have to run...I hear a faint call of "Wolf" from the hill.
gt
