I don’t see anything to indicate that one actually was superseded. It no longer appears in the Microsoft Catalog, but if you have machines that are relevant for it then I would check whether those actually still have the RC4 ciphers available (the ActionScript for this will disable those ciphers).
Normally when a patch is superseded, we append ‘(Superseded)’ to the fixlet title, and by default change the Relevance to make it appear Not-Relevant (that can be overridden by applying a client setting to continue evaluating superseded content).
Thanks everyone! @JasonWalker I think I’ve read about a million of your responses on here… learned a ton from you on this forum already.
I’m just really confused why the [[BESAdmin-Announcements]] link above showed this line:
KB2871997 supersedes KB2868725.
While the MS article shows for 2012 as last server also, I did see the registry settings on the 2019 machines though, so I’ll just snapshot and patch away.
Strange the MS Catalog doesn’t list KB2868725 but it does list KB2871997. The KB2871997 doesn’t list it replacing KB2868725 , but who knows how much info Microsoft has already purged for unsupported OS.
Another weird thing is that the workarounds don’t appear to be related, I don’t see anything on 2871997 about disabling RC4 ciphers.
Now, to make things even more confusing, be sure about the Fixlet/Task you’re seeing. When there are no Default Actions it’s worth investigating a bit further. In this case note we have two fixlets - one to Enable the workaround (disable RC4), and another Disable the workaround (put RC4 back). So if you still have machines with matching OS, they’ll be relevant to one of these or the other, allowing you to toggle back and forth.
