Microsoft has just released an update for MS14-066. All this update does is remove TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256 from the default cipher suite list for Windows 2008 R2 and Windows 2012. It does not update Windows 2012 R2. This seems like a temporary measure until Microsoft figures out what the real issue is. In the mean time, make sure that those cipher suites are unchecked in IIS Crypto.