The POODLE vulnerability is an attack on the SSL 3.0 protocol and it’s a protocol flaw not an implementation issue. Read the Google release post.
Every implementation of SSL 3.0 suffers from it. Security experts are recommending administrators to disable SSL 3.0 on their servers and use TLS 1.1 or 1.2.
Check SSL 3.0 usage
To check if your server uses SSL v3, go to GeoTrust SSL Toolbox website and type the URL of the server you want to check and click Check button.
If the result shows SSLv3 is enabled, the server may be affected by POODLE vulnerability.
Run Regedit as Administrator and navigate to:
Right click Protocols and select New > Key option.
Name the new key as SSL 3.0.
Now right click SSL 3.0 and create a new key named Client.
Again, right click SSL 3.0 and create the key Server.
Right click Client and select New > DWORD (32bit) Value option.
Name the DWORD as DisabledByDefault. Double click the DWORD and type 1 as Value data then click OK to confirm.
The DWORD Value Data set to 1.
Repeat same procedure for Server and assign Enabled as a DWORD name. Leave default Value Data set to 0.
Restart the server to complete the procedure.
Log into the server with Local Administrator permissions account.
Download disable_ssl3.zip and extract the .reg file.
Double click the .reg file and click Yes to confirm.
The system confirms the keys added to the Registry.
The Registry keys added.
No patches are available so far since it’s a protocol flaw and not an implementation issue.