Reply to post: Re: TLS 1.2 intolerant == not patched is Total rubbish

Virgin Media takes its time on website crypto upgrade

Nick Lowe

Re: TLS 1.2 intolerant == not patched is Total rubbish

You have completely misunderstood and confused a server being intolerant to TLS 1.2 with actually supporting/implementing the TLS 1.2 protocol. They are entirely different concerns/things.

A server has to support TLS version negotiation correctly so that insecure TLS version fallback doesn't have to take place in a modern Web browser that supports TLS 1.2 for it to be accessible. The server can still happily only implement the TLS 1.0 protocol, it just has to do so correctly. The bug here is that Virgin's TLS 1.0-only servers do not respond correctly, per TLS 1.0 spec, to a TLS 1.2 Client Hello. Version negotiation fails.

Being version intolerant to TLS 1.2 Client Hellos definitely does therefore mean that a server has not been patched. It has been patched for years.

Firefox will remove insecure fallback in a forthcoming release. See https://bugzilla.mozilla.org/show_bug.cgi?id=1084025 and https://bugzilla.mozilla.org/show_bug.cgi?id=1126620

It is this intolerance that Chrome is calling out when you view details of the connection to Virgin Media's services, not the lack of TLS 1.2 support.
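The distinction drawn in the comment above, as an added example that is not part of the original post: a TLS 1.0-only server that negotiates correctly is reachable with a single TLS 1.2 Client Hello, while a version-intolerant one is only reachable if the client falls back. The function names are hypothetical, the Client Hello bytes are constructed for the demo, and intolerance is modelled simply as a rejected handshake.

```python
import struct

TLS_VERSIONS = {(3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
TLS10 = (3, 1)

def build_client_hello(client_version):
    """Constructed, minimal ClientHello record (no extensions) for the demo."""
    body = bytes(client_version) + bytes(32)   # client_version + zeroed random
    body += b"\x00"                            # empty session_id
    body += b"\x00\x02\x00\x2f"                # one suite: TLS_RSA_WITH_AES_128_CBC_SHA
    body += b"\x01\x00"                        # null compression only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    # Record-layer version stays 3.1; the offered maximum is in the body.
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def parse_client_version(record):
    """Return the (major, minor) client_version from a ClientHello record."""
    if len(record) < 11 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    return (record[9], record[10])

def tolerant_server(record):
    """TLS 1.0-only server that negotiates correctly: a higher offer is
    answered with TLS 1.0. None stands for a protocol_version failure."""
    return TLS10 if parse_client_version(record) >= TLS10 else None

def intolerant_server(record):
    """Model of the bug (assumption): any client_version other than the one
    the server implements makes the handshake fail."""
    return TLS10 if parse_client_version(record) == TLS10 else None

def connect(server, allow_fallback):
    """Client supporting up to TLS 1.2. Returns (negotiated, hellos_sent)."""
    offers = [(3, 3), (3, 2), (3, 1)] if allow_fallback else [(3, 3)]
    for sent, version in enumerate(offers, start=1):
        chosen = server(build_client_hello(version))
        if chosen is not None:
            return TLS_VERSIONS[chosen], sent
    return None, len(offers)

if __name__ == "__main__":
    for name, server in (("tolerant", tolerant_server),
                         ("intolerant", intolerant_server)):
        for fallback in (False, True):
            print(name, "fallback" if fallback else "no fallback",
                  connect(server, fallback))
```

Both servers implement only TLS 1.0; the difference is solely in how they answer a Client Hello that offers more.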
