By default, Windows 2008R2 allows SSLv2, which is not considered secure anymore.
To disable it on the server, you need to add the registry key for SSL 2.0 Server as described here:
http://support.microsoft.com/kb/245030
Once the key is added, you need to disable the protocol, by adding the Enabled DWord as described here:
http://support.microsoft.com/kb/187498
In the future, there will no-doubt be more changes, I'll try to keep this page up-to-date on the latest PCI requirements.