I am trying to determine if v 2.0 of MS14-066 is necessary to stem the vulnerability for Win2K8R2 and Win2012. We just got the first version with KB2992611 installed and now MS says that to have the install completed I must also install KB3018238. Fair enough. MS screwed up and now I need to patch the patch.
But here is my issue. It is not clearly stated whether the vulnerability was already resolved and KB3018238 is just to fix the TLS cyphers. (That is my interpretation). Upper management does not react well to URGENT patches that take down servers across the environment. To do it twice in one week, not cool MS. Are you listening? If I am not experiencing the cypher issue, I'll add the second patch, but on my regular schedule. Give me the information to make an informed decision. Sorry have to run...I hear a faint call of "Wolf" from the hill. gt