Workflows stop working after security patch CVE-2018-8421


Last modified on: 22 January 2020

In September 2018 Microsoft released a few .NET patches that address CVE-2018-8421, a .NET Framework Remote Code Execution Vulnerability. Some people have reported that after installing the patches (mainly KB4457916 and KB4457035), their workflows fail to execute and the logs show an error similar to this:


Microsoft.SharePoint.SPException: <Error><CompilerError Line="-1" Column="-1" 
Text="Type System.CodeDom.CodeBinaryOperatorExpression is not marked as authorized in the application configuration file."


Existing workflows usually continue to work, but deploying or starting a new workflow gives the message "Failed on start".


To fix this we created a PowerShell script. The script adds authorization for workflows to the web.config files on each SharePoint server. This is required to allow SharePoint to use the advanced workflows.

Use the following steps to fix the issue:

1. Download the script "FixSharePointWorkflowSecurityPatch.ps1"

2. Open an RDP session to a SharePoint server (excluding search!) with sufficient permissions (Farm admin)

3. Paste the "FixSharePointWorkflowSecurityPatch.ps1" script to a safe location

4. Run the script by right-clicking it and selecting "Run with PowerShell"

You will see verbose logging about authorizedTypes, and the script closes automatically once it has completed.


To check if the script was successful, open a web.config file of a SharePoint web application and look for the following lines:
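The same check can be scripted so it can be repeated on every server. The PowerShell below is an added example, not the FixSharePointWorkflowSecurityPatch.ps1 script and not Cadac's code. It assumes the fix writes standard .NET authorizedType entries (attributes Assembly, Namespace, TypeName, Authorized); the function name Test-WorkflowTypeAuthorized and the sample web.config are constructed for illustration.

```powershell
# Added example: read-only check, nothing on disk is changed.
# Assumption: authorization is expressed as <authorizedType> elements with
# Assembly, Namespace, TypeName and Authorized attributes.
function Test-WorkflowTypeAuthorized {
    param(
        [Parameter(Mandatory)] [xml]    $Config,
        [Parameter(Mandatory)] [string] $Namespace,
        [Parameter(Mandatory)] [string] $TypeName
    )
    # Search at any depth so the check works with or without a <targetFx> wrapper.
    # A TypeName of "*" covers every type in the namespace.
    $entries = @($Config.SelectNodes("//authorizedType[@Namespace='$Namespace']") |
        Where-Object { $_.GetAttribute('TypeName') -in @($TypeName, '*') })
    # Conservative: any matching entry that is not Authorized="True" counts as a deny.
    $denied = @($entries | Where-Object { $_.GetAttribute('Authorized') -ne 'True' })
    [pscustomobject]@{
        Type       = "$Namespace.$TypeName"
        Entries    = $entries.Count
        Authorized = ($entries.Count -gt 0 -and $denied.Count -eq 0)
    }
}

# Constructed sample web.config fragment (not taken from a real farm).
$sample = @'
<configuration>
  <System.Workflow.ComponentModel.WorkflowCompiler>
    <authorizedTypes>
      <targetFx version="v4.0">
        <authorizedType Assembly="System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
                        Namespace="System.CodeDom" TypeName="CodeBinaryOperatorExpression" Authorized="True" />
      </targetFx>
    </authorizedTypes>
  </System.Workflow.ComponentModel.WorkflowCompiler>
</configuration>
'@

# The type named in the error message above, plus one type the sample does not list.
foreach ($type in 'CodeBinaryOperatorExpression', 'CodePrimitiveExpression') {
    Test-WorkflowTypeAuthorized -Config $sample -Namespace 'System.CodeDom' -TypeName $type
}

# Against a real file (placeholder path, replace with the web application's web.config):
# $cfg = [xml](Get-Content -Raw '<path-to-web.config>')
# Test-WorkflowTypeAuthorized -Config $cfg -Namespace 'System.CodeDom' -TypeName 'CodeBinaryOperatorExpression'
```

A result of Authorized = False with Entries = 0 on any web application means the entry is missing from that web.config and workflows there can still fail with the compiler error shown above.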