
I have a client that's running a PCI compliance scan and getting the following back:

BEAST (Browser Exploit Against SSL/TLS) Vulnerability
The SSL protocol encrypts data by using CBC mode with chained
initialization vectors. This allows an attacker who has gotten
access to an HTTPS session via man-in-the-middle (MITM) attacks or other means to obtain plain text HTTP headers via
a blockwise chosen-boundary attack (BCBA) in conjunction with
Javascript code that uses the HTML5 WebSocket API, the Java
URLConnection API, or the Silverlight WebClient API. This
vulnerability is more commonly referred to as Browser Exploit Against
SSL/TLS or "BEAST".
CVE: CVE-2011-3389
NVD: CVE-2011-3389
Bugtraq: 49778
CVSSv2: AV:N/AC:M/Au:N/C:P/I:N/A:N(4.30)
Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=665814,
http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslciphersuite,
http://technet.microsoft.com/en-us/security/bulletin/ms12-006
Service: http
Evidence:
Cipher Suite: SSLv3 : DES-CBC3-SHA
Cipher Suite: SSLv3 : RC4-SHA
Cipher Suite: SSLv3 : RC4-MD5
Cipher Suite: TLSv1 : AES256-SHA
Cipher Suite: TLSv1 : AES128-SHA
Cipher Suite: TLSv1 : DES-CBC3-SHA
Cipher Suite: TLSv1 : RC4-SHA
Cipher Suite: TLSv1 : RC4-MD5

Their site is hosted on Windows Azure; since those servers are managed is there a recommended way of going about plugging this hole?

CW Holeman II
Lucent Fox
    http://stackoverflow.com/questions/11167152/hosting-a-pci-compliant-app-on-azure - the recommended way would be not to host stuff that requires PCI compliance on Azure. – Mat Dec 21 '12 at 21:47
  • Hmm, well, that is very helpful. Thank you! – Lucent Fox Dec 21 '12 at 21:56

1 Answer


What are you running in Azure precisely? Is it a Web Role? Azure website? Your own Windows server in IaaS Mode?

If you are running a Web Role, are you running the latest Windows OS? Microsoft patched this issue in Web Roles in April 2012.

http://msdn.microsoft.com/en-us/library/windowsazure/hh967599.aspx

If you are running Windows Server via IaaS mode, it is your own responsibility to patch the server.

John Pick
Igorek
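An added example, not part of the question, the scanner report or the answer above: a small triage script for this kind of scanner "Evidence" block. BEAST (CVE-2011-3389) needs a CBC-mode cipher suite negotiated under a protocol that chains IVs across records (SSLv3 or TLS 1.0); the RC4 suites in the report are stream ciphers and are not BEAST hits even though the scanner lists them alongside the CBC ones (RC4 has problems of its own, but not this one). The script parses the evidence lines, separates the two groups, and includes a live re-check that tries to negotiate one CBC suite at exactly TLS 1.0 against a host after the server has been patched or reconfigured. Assumptions: SCANNER_EVIDENCE is a constructed copy of the lines quoted in the question; suite names are OpenSSL-style; the live probe needs network access and an OpenSSL build that can still offer TLS 1.0, and returns None when it cannot.

```python
"""Triage of TLS scanner "Evidence" lines for BEAST (CVE-2011-3389) exposure.

BEAST needs two conditions at once: a CBC-mode cipher suite and a protocol
version that chains the IV from one record into the next (SSLv3 or TLS 1.0).
TLS 1.1+ uses an explicit per-record IV, and stream ciphers such as RC4 have
no CBC chaining at all, so a scanner that lists every SSLv3/TLSv1 suite
overstates the exposure. This script separates the two.
"""
from __future__ import annotations

import re
import socket
import ssl
from dataclasses import dataclass

# Constructed copy of the "Evidence:" lines quoted in the question above.
SCANNER_EVIDENCE = """\
Cipher Suite: SSLv3 : DES-CBC3-SHA
Cipher Suite: SSLv3 : RC4-SHA
Cipher Suite: SSLv3 : RC4-MD5
Cipher Suite: TLSv1 : AES256-SHA
Cipher Suite: TLSv1 : AES128-SHA
Cipher Suite: TLSv1 : DES-CBC3-SHA
Cipher Suite: TLSv1 : RC4-SHA
Cipher Suite: TLSv1 : RC4-MD5
"""

# Protocol versions with chained (implicit) CBC IVs. "TLSv1" is TLS 1.0.
CHAINED_IV_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1"}

EVIDENCE_RE = re.compile(r"Cipher Suite:\s*(?P<proto>\S+)\s*:\s*(?P<suite>\S+)")


@dataclass(frozen=True)
class Finding:
    protocol: str
    suite: str
    cbc: bool     # suite uses a CBC-mode block cipher
    beast: bool   # cbc AND the protocol chains IVs across records


def is_cbc_suite(openssl_name: str) -> bool:
    """Classify an OpenSSL-style suite name.

    Stream (RC4), AEAD (GCM/CCM/CHACHA20) and NULL-cipher suites are not CBC.
    Every other suite of the SSLv3/TLS 1.0 era (DES-CBC3-SHA, AES128-SHA,
    AES256-SHA, ...) is CBC even when the name omits the word "CBC".
    """
    name = openssl_name.upper()
    return not any(tag in name for tag in ("RC4", "GCM", "CCM", "CHACHA20", "NULL"))


def classify(evidence: str) -> list[Finding]:
    """Parse scanner evidence lines into Findings, one per line that matches."""
    findings = []
    for line in evidence.splitlines():
        m = EVIDENCE_RE.search(line)
        if not m:
            continue
        proto, suite = m.group("proto"), m.group("suite")
        cbc = is_cbc_suite(suite)
        findings.append(Finding(proto, suite, cbc, cbc and proto in CHAINED_IV_PROTOCOLS))
    return findings


def beast_exposed(evidence: str) -> list[str]:
    """'proto:suite' pairs that actually satisfy BEAST's preconditions."""
    return [f"{f.protocol}:{f.suite}" for f in classify(evidence) if f.beast]


def not_beast(evidence: str) -> list[str]:
    """Suites the scanner listed that are not BEAST hits (here: the RC4 ones)."""
    return [f"{f.protocol}:{f.suite}" for f in classify(evidence) if not f.beast]


def probe_cbc_tls10(host: str, port: int = 443, suite: str = "AES128-SHA",
                    timeout: float = 5.0) -> bool | None:
    """Live re-check after remediation: will `host` still negotiate `suite`
    at exactly TLS 1.0?

    Returns True (still negotiable), False (refused by the server), or None
    when the local OpenSSL build cannot even offer TLS 1.0 / this suite, in
    which case the result says nothing about the server.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # testing cipher policy, not identity
    ctx.verify_mode = ssl.CERT_NONE
    try:
        ctx.minimum_version = ssl.TLSVersion.TLSv1
        ctx.maximum_version = ssl.TLSVersion.TLSv1
        ctx.set_ciphers(f"{suite}:@SECLEVEL=0")   # let OpenSSL offer legacy suites
    except (ssl.SSLError, ValueError):
        return None
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.version() == "TLSv1" and tls.cipher()[0] == suite
    except (ssl.SSLError, OSError):
        return False


if __name__ == "__main__":
    for f in classify(SCANNER_EVIDENCE):
        print(f"{f.protocol:6} {f.suite:14} cbc={f.cbc!s:5} beast={f.beast}")
```

Run as-is, it prints the eight evidence lines with their classification: the four CBC suites under SSLv3/TLSv1 are the BEAST findings, the four RC4 suites are not. After patching a Web Role OS or an IaaS server, `probe_cbc_tls10("your-host")` tells you whether a CBC suite is still accepted at TLS 1.0; a None result means your own client could not make the offer, so test from a machine with a legacy-capable OpenSSL before concluding anything about the server.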