Microsoft released a few .NET patches in September 2018 that address CVE-2018-8421, a .NET Framework Remote Code Execution Vulnerability. Some people have reported that after installing the patches (mainly KB4457916 and KB4457035), their workflows fail to execute and the logs show an error similar to this:
Microsoft.SharePoint.SPException: <Error><CompilerError Line="-1" Column="-1" Text="Type System.CodeDom.CodeBinaryOperatorExpression is not marked as authorized in the application configuration file."
Existing workflows usually continue working, but deploying or starting a new workflow gives the message "Failed on start".
To fix this, we created a PowerShell script. The script adds authorization for workflows to the web.config files on each SharePoint server. This is needed to allow SharePoint to use the advanced workflows.
Use the following steps to fix the issue:
1. Download the script "FixSharePointWorkflowSecurityPatch.ps1"
2. Open an RDP session to a SharePoint server (excluding search!) with sufficient permissions (Farm admin)
3. Copy the "FixSharePointWorkflowSecurityPatch.ps1" script to a safe location
4. Run the script by right-clicking it and selecting "Run with PowerShell"
You will see a bunch of verbose logging about authorizedtypes and the script will automatically close once completed.
To check if the script was successful, open a web.config file of a SharePoint web application and look for the following lines:
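The check can also be scripted. The following is an added example, not part of FixSharePointWorkflowSecurityPatch.ps1 and not the lines the article refers to: it reports whether a web.config authorizes the type named in the error message, and flags wildcard entries that authorize a whole namespace. The function name, the sample XML and the web.config path placeholder are assumptions, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: checks a web.config for the workflow authorizedType entry
# named in the error message. Function name and sample XML are constructed.
function Get-WorkflowTypeAuthorization {
    param(
        [Parameter(Mandatory)] [xml] $Config,
        [string] $Namespace = 'System.CodeDom',
        [string] $TypeName  = 'CodeBinaryOperatorExpression'
    )
    # authorizedType elements sit under the WorkflowCompiler section,
    # either directly or inside a <targetFx version="..."> child.
    $xpath = '/configuration/System.Workflow.ComponentModel.WorkflowCompiler' +
             '/authorizedTypes//authorizedType'
    $hits = @($Config.SelectNodes($xpath) | Where-Object {
        $_.GetAttribute('Namespace') -eq $Namespace -and
        $_.GetAttribute('TypeName') -in @($TypeName, '*')
    })
    if ($hits.Count -eq 0) {
        return [pscustomobject]@{ Type = "$Namespace.$TypeName"; Status = 'Missing' }
    }
    foreach ($node in $hits) {
        [pscustomobject]@{
            Type     = "$Namespace.$TypeName"
            Status   = if ($node.GetAttribute('Authorized') -eq 'True') { 'Authorized' } else { 'Denied' }
            # A wildcard entry authorizes every type in the namespace.
            Wildcard = $node.GetAttribute('TypeName') -eq '*'
            TargetFx = $node.ParentNode.GetAttribute('version')
        }
    }
}

# Constructed sample fragment, not copied from a real farm.
$sample = [xml]@'
<configuration>
  <System.Workflow.ComponentModel.WorkflowCompiler>
    <authorizedTypes>
      <targetFx version="v4.0">
        <authorizedType Assembly="System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" Namespace="System.CodeDom" TypeName="CodeBinaryOperatorExpression" Authorized="True" />
      </targetFx>
    </authorizedTypes>
  </System.Workflow.ComponentModel.WorkflowCompiler>
</configuration>
'@
Get-WorkflowTypeAuthorization -Config $sample

# Against a real web application (the path is a placeholder):
# Get-WorkflowTypeAuthorization -Config ([xml](Get-Content '<path to web.config>'))
```

Run it against the web.config of every web application on every server the fix was applied to; a `Missing` result on one server means new workflows can still fail there.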