I am at a loss on this one; I have tried everything. We cannot pass our PCI scan due to a couple of older Windows 2003 servers with IIS. The vulnerability reported is:
"TLS CBC Incorrect Padding Abuse Vulnerability"
This is the result from the SSL Labs scanner:
We have disabled SSL 3.0:
And installed the hotfixes from MS from here:
I don't know what else to do in order to disable the CBC cipher issues on Windows 2003. Does anybody know?
This issue reported by SSL Labs is the POODLE attack against TLS. This is different from the SSL POODLE issue for which you appear to have deployed a fix.
Do you have a load balancer or reverse-proxy in front of your IIS server? If so, you'll need to patch that product.
If not, there is a user report (also here) that applying KB2655992 may address this.