Microsoft has released CVE-2018-8202 (KB4338417, KB4340558 and KB4340559) for a vulnerablility in .Net.
The down effect is I got many “ActiveX component can’t create object” errors. See https://stackoverflow.com/questions/51289285/how-do-i-properly-instantiate-32-bit-com-objects-in-classic-asp-after-installing for more people having this problem and some solutions.
The only fix for our users is to go to IIS > Website > Authentication > Anonymous Authentication > Set to ‘Application Pool Identity’.
Is there any reasens why SolidCP force IIS to use specific authentication insteed of AppPool?
And can i configure SolidCP so all (new) sites are created with AppPool Identity?
The reason is that SolidCP allows to use shared application pools, but to keep some form of segregation use the website auth instead (convenient for hosting providers just providing perl / php / etc).
There’s currently no option to set it to app pool identity, such setting will have to be designed from scratch.
Though such function i think should only be allowed if you use dedicated application pools, else the server is 1 big security hazard.
Is anything changed for a past few years? Or its still impossible to use Application Pool Identity by default for newly created sites?
- Views2290 times
- Answers2 answers