After applying .NET security fixes released in September 2018 to address CVE-2018-8421 SharePoint workflows stop working

After applying the .NET Security Only patch that resolves CVE-2018-8421 (Remote Code Execution Vulnerability), all SharePoint out-of-the-box workflows fail to execute and the log shows an error like this:

09/13/2018 01:59:07.57 w3wp.exe (0x1868) 0x22FC SharePoint Foundation Workflow Infrastructure 72fs Unexpected RunWorkflow: 
Microsoft.SharePoint.SPException: <Error>
<CompilerError Line="-1" Column="-1" Text="Type System.CodeDom.CodeBinaryOperatorExpression is not marked as authorized in the application configuration file." />
<CompilerError Line="-1" Column="-1" Text="Type System.CodeDom.CodeBinaryOperatorExpression is not marked as authorized in the application configuration file." />
<CompilerError Line="-1" Column="-1" Text="Type System.CodeDom.CodeBinaryOperatorExpression is not marked as authorized in the application configuration file." />
<CompilerError Line="-1" Column="-1" Text="Type System.CodeDom.CodeBinaryOperatorExpression is not marked as authorized in the application configuration file." />
<CompilerError Line="-1" Column="-1"…
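
As an added example (not part of the original post and not Microsoft's script), this Python scan over ULS log text lists which types the workflow compiler rejected and how often, so you can confirm whether a farm is hitting this error. The sample log is constructed from the excerpt above; the second type name and the unrelated timer entry are illustrative assumptions.

```python
import re
from collections import Counter

# Constructed sample modelled on the ULS excerpt above (not real farm output).
# The CodePrimitiveExpression line and the OWSTIMER entry are made up for illustration.
SAMPLE_ULS = '''\
09/13/2018 01:59:07.57 w3wp.exe (0x1868) 0x22FC SharePoint Foundation Workflow Infrastructure 72fs Unexpected RunWorkflow:
Microsoft.SharePoint.SPException: <Error>
<CompilerError Line="-1" Column="-1" Text="Type System.CodeDom.CodeBinaryOperatorExpression is not marked as authorized in the application configuration file." />
<CompilerError Line="-1" Column="-1" Text="Type System.CodeDom.CodeBinaryOperatorExpression is not marked as authorized in the application configuration file." />
<CompilerError Line="-1" Column="-1" Text="Type System.CodeDom.CodePrimitiveExpression is not marked as authorized in the application configuration file." />
<CompilerError Line="-1" Column="-1"
09/13/2018 02:03:11.10 OWSTIMER.EXE (0x0A10) 0x1A40 SharePoint Foundation Timer xxxx Medium Constructed unrelated entry
'''

# A ULS entry starts with "MM/DD/YYYY HH:MM:SS.ff <process> (0x<pid>)".
HEADER = re.compile(
    r'^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d+)\s+(\S+)\s+\(0x[0-9A-Fa-f]+\)')
# The compiler error text quoted in the post; the type name is captured.
UNAUTHORIZED = re.compile(
    r'Type ([\w.+`]+) is not marked as authorized in the application configuration file')


def find_unauthorized_types(log_text):
    """Return {(timestamp, process): Counter(type_name -> hits)} for affected entries."""
    findings = {}
    current = None  # header of the entry the current line belongs to
    for line in log_text.splitlines():
        header = HEADER.match(line)
        if header:
            current = header.groups()
        # Truncated CompilerError lines carry no Text attribute and are skipped.
        for type_name in UNAUTHORIZED.findall(line):
            findings.setdefault(current, Counter())[type_name] += 1
    return findings


def summarize(findings):
    """Collapse per-entry counts into [(type_name, hits)], most frequent first."""
    total = Counter()
    for counts in findings.values():
        total.update(counts)
    return sorted(total.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    for type_name, hits in summarize(find_unauthorized_types(SAMPLE_ULS)):
        print(f"{hits:4d}  {type_name}")
```
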

For more details about the issue, a technical explanation and the solution, please have a look at the blog post created by my colleague Rodney Viana:

16 Comments


  1. Are you aware of any potential impact on the custom workflows running on the Workflow Manager?

    1. Haven’t heard of any.

    1. Hi Luigi,
      it affects all Workflows using the SharePoint 2010 engine. Of course also those created with SharePoint Designer.
      Cheers,
      Stefan

  2. Hello Stefan,
    is this error solved by one of the updates released yesterday?
    Thanks!
    Sibylla
    PS: Thank you for blogging all this information around updates! Unfortunately the (very good) rating for your blog posts does not work for me.

    1. Hi Sibylla,
      no, the October CU does not include fixes for this.
      It is recommended to apply the script in the linked article to fix this.
      Cheers,
      Stefan

      1. Thanks for the quick answer, Stefan!
        Do you know if it is planned to have this solved by a PU / CU in the future? (or another .NET update?)
        Sibylla

        1. Hi Sibylla,
          it is planned to release a fix – but this fix will be identical with the web.config changes listed in the article.
          Cheers,
          Stefan

          1. Hi Stefan,
            thanks for all this information.
            Have a good day
            Sibylla


  3. Hello Stefan,
    If we apply the changes to our web.config and then apply an older CU (For example June 2018), will the CU revert the web.config changes?
    If so, does this mean that we would need to apply the web.config change after every CU until MSFT releases its own fix in a future CU?
    Thanks.

    1. Hi Steve,
      installing an older CU should not revert these changes.
      Cheers,
      Stefan

  4. I installed the October .NET updates on a test machine and the SharePoint Workflow issue was resolved without applying the web.config workaround.

  5. Are there any patch updates which resolve the workflow issues for these faulty patches for SharePoint Designer workflows, Nintex workflows and SharePoint workflows for SharePoint 2010 servers?

  6. Hello, we have tried this but it is not working. We are still getting the same error. What else can be missing? We have checked on the server, there is no update installed (KB4457916/KB4457035). Still we are facing this issue.

    1. Hi Jignesh,
      if you need assistance to get this resolved I would recommend opening a ticket with Microsoft support.
      Cheers,
      Stefan
