After applying .NET Security Only patch to resolve CVE-2018-8421 (Remote Code Execution Vulnerability), all SharePoint out of the box Workflow fails to execute and the log will show an error like this:
09/13/2018 01:59:07.57 w3wp.exe (0x1868) 0x22FC SharePoint Foundation Workflow Infrastructure 72fs Unexpected RunWorkflow: Microsoft.SharePoint.SPException: <Error> <CompilerError Line="-1" Column="-1" Text="Type System.CodeDom.CodeBinaryOperatorExpression is not marked as authorized in the application configuration file." /> <CompilerError Line="-1" Column="-1" Text="Type System.CodeDom.CodeBinaryOperatorExpression is not marked as authorized in the application configuration file." /> <CompilerError Line="-1" Column="-1" Text="Type System.CodeDom.CodeBinaryOperatorExpression is not marked as authorized in the application configuration file." /> <CompilerError Line="-1" Column="-1" Text="Type System.CodeDom.CodeBinaryOperatorExpression is not marked as authorized in the application configuration file." /> <CompilerError Line="-1" Column="-1"…
For more details about the issue, a technical explanation and the solution, please have a look at the blog post created by my colleauge Rodney Viana:
Permalink
Are you aware of any potential impact on the custom workflows running on the Workflow Manager?
Permalink
Haven’t heard of any.
Permalink
It looks like the problem affects custom workflows built using SharePoint Designer too, as per blog post at https://blogs.msdn.microsoft.com/rodneyviana/2018/09/13/after-installing-net-security-patches-to-address-cve-2018-8421-sharepoint-workflows-stop-working/.
Permalink
Hi Luigi,
it affects all Workflows using the SharePoint 2010 engine. Of course also those created with SharePoint Designer.
Cheers,
Stefan
Permalink
Hello Stefan,
is this error solved by one of the updates released yesterday?
Thanks!
Sibylla
PS: Thank you for blogging all these information around updates! Unfortunately the (very good) rating for your blog posts does not work for me.
Permalink
Hi Sibylla,
no the October CU does not include fixes for this.
It is recommended to apply the script in the linked article to fix this.
Cheers,
Stefan
Permalink
Thanks for the quick answer, Stefan!
Do you know if it is planned to have this solved by a PU / CU in the future? (or another .NET update?)
Sibylla
Permalink
Hi Sibylla,
it is planned to release a fix – but this fix will be identical with the web.config changes listed in the article.
Cheers,
Stefan
Permalink
Hi Stefan,
thanks for all these information.
Have a good day
Sibylla
Permalink
Hello Stefan,
If we apply the changes to our web.config and then apply an older CU (For example June 2018), will the CU revert the web.config changes?
If so, does this mean that we would need to apply the web.config change after every CU until MSFT releases it’s own fix in a future CU?
Thanks.
Permalink
Hi Steve,
installing an older CU should not revert these changes.
Cheers,
Stefan
Permalink
I installed the October .NET updates on a test machine and the SharePoint Workflow issue was resolved without applying the web.config workaround.
Permalink
Are there any patch updates which resolves the workflow issues for these faulty patches for Sharepoint designer workflows, Nintex workflows and Sharepoint workflows for sharepoint 2010 servers.
Permalink
Hi Nikisha,
the most recent SharePoint Patches fix the issue for SharePoint Workflows.
For Nintex Workflows Nintex has to provide a fix as we do not own their codebase.
Or just apply the Workaround in the blog post from Rodney which fixes it for Nintex as well:
https://blogs.msdn.microsoft.com/rodneyviana/2018/09/13/after-installing-net-security-patches-to-address-cve-2018-8421-sharepoint-workflows-stop-working/
Cheers,
Stefan
Permalink
Hello, We have tried this but this not working. We are still getting the same error. What else can be missing? We have checked on the server, there is no update installed (KB4457916/KB4457035). Still we are facing this issue.
Permalink
Hi Jignesh,
if you need assistance to get this resolve I would recommend to open a ticket with Microsoft suppport.
Cheers,
Stefan