
Hacking Microsoft SQL Server Without a Password - dsr12
https://blog.anitian.com/hacking-microsoft-sql-server-without-a-password/
======
BrentOzar
Nicely done. Just last month, Microsoft released TLS 1.2 support all the way
back to SQL Server 2008 to prevent this kind of thing:

[https://blogs.msdn.microsoft.com/sqlreleaseservices/2016/01/...](https://blogs.msdn.microsoft.com/sqlreleaseservices/2016/01/29/tls-1-2-support-
for-sql-server-2008-2008-r2-2012-and-2014/)

Given the slow patch speed of most SQL Server shops, though, this exploit will
work for years.

