There is no “patch”. It’s a vulnerability in the protocol, not a bug in the implementation.
In Windows Server 2003 to 2012 R2 the SSL / TLS protocols are controlled by flags in the registry set at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols
.
To disable SSLv3, which the POODLE vulnerability is concerned with, create a subkey at the above location (if it’s not already present) named SSL 3.0
and, under that, a subkey named Server
(if it’s not already present). At this location (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 3.0\Server
) create a DWORD value named Enabled
and leave it set at 0
.
Disabling SSL 2.0, which you should also be doing, is done the same way, except that you’ll be using a key named SSL 2.0
in the above registry path.
I haven’t tested all versions, but I think it’s probably safe to assume that a reboot is necessary for this change to take effect.