I just received a failure on our PCI scan and one of the failures was for KB982666. We have SBS 2011 Standard 64bit SP1 and the WSUS server shows that I do not need that security update. But if you read the bulletin it says I don't and that I do.
"Is my computer vulnerable if I have not installed KB973917?
Systems running supported editions of Windows Server 2003, Windows Vista, and Windows Server 2008 that do not have KB973917 installed are not vulnerable. Systems running supported editions of Windows 7 and Windows Server 2008 R2 are vulnerable."
And actually there were 4 security bulletins that were given for the failure and all the KB security updates in them our server shows they are not needed. I am not sure if I should be downloading these manually and install them. Any suggestions?