SharePoint Workflows Stop Working After Patching For CVE-2018-8421

2018-10-04T09:56:41+00:00 | October 1st, 2018 | Categories: Apps | 6 Comments

Microsoft released a few .NET patches in September 2018 that address CVE-2018-8421, a .NET Framework Remote Code Execution Vulnerability. Some people have reported that after installing the patches (mainly KB4457916 and KB4457035), their out-of-the-box workflows fail to execute and the logs show an error similar to this:

09/13/2018 01:59:07.57 w3wp.exe (0x1868) 0x22FC SharePoint Foundation Workflow
Infrastructure 72fs Unexpected RunWorkflow:
Microsoft.SharePoint.SPException: <Error><CompilerError Line="-1" Column="-1" 
Text="Type System.CodeDom.CodeBinaryOperatorExpression is not marked
as authorized in the application configuration file."
 /><CompilerError Line="-1" Column="-1" Text="Type 
System.CodeDom.CodeBinaryOperatorExpression is not marked as authorized 
in the application configuration file." /><CompilerError Line="-1"
 Column="-1" Text="Type System.CodeDom.CodeBinaryOperatorExpression is 
not marked as authorized in the application configuration file." 
/><CompilerError Line="-1" Column="-1" Text="Type 
System.CodeDom.CodeBinaryOperatorExpression is not marked as authorized 
in the application configuration file." /><CompilerError Line="-1"
 Column="-1" Text="Type System.CodeDom.CodeBinaryOperatorExpression is 
not marked as authorized in the application configuration file." 
/><CompilerError Line="-1" Column="-1" Text="Type 
System.CodeDom.CodeBinaryOperatorExpression is not marked as authorized 
in the application configuration file." /><CompilerError Line="-1"
 Column="-1" Text="Type System.CodeDom.CodeBinaryOperatorExpression is 
not marked as authorized in the application configuration file." 
/><CompilerError Line="-1" Column="-1"…

Workflow Foundation will only run workflows when all the dependent types and assemblies are authorized in the .NET config file (or added explicitly via code) under this tree:

<configuration>
  <System.Workflow.ComponentModel.WorkflowCompiler>
    <authorizedTypes>
      <targetFx>

How To Fix SharePoint Workflows That Stop Working After Patching

The fix depends on the version of SharePoint you’re using. You’ll need to add the code below to all of your application web.config files, under the tree mentioned above. After making the changes, you’ll need to restart IIS and possibly reboot the Windows server before workflows will start working again.

For SharePoint 2013 or Newer

<authorizedType Assembly="System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" NameSpace="System.CodeDom" TypeName="CodeBinaryOperatorExpression" Authorized="True" />
<authorizedType Assembly="System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" NameSpace="System.CodeDom" TypeName="CodePrimitiveExpression" Authorized="True" />
<authorizedType Assembly="System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" NameSpace="System.CodeDom" TypeName="CodeMethodInvokeExpression" Authorized="True" />
<authorizedType Assembly="System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" NameSpace="System.CodeDom" TypeName="CodeMethodReferenceExpression" Authorized="True" />
<authorizedType Assembly="System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" NameSpace="System.CodeDom" TypeName="CodeFieldReferenceExpression" Authorized="True" />
<authorizedType Assembly="System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" NameSpace="System.CodeDom" TypeName="CodeThisReferenceExpression" Authorized="True" />
<authorizedType Assembly="System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" NameSpace="System.CodeDom" TypeName="CodePropertyReferenceExpression" Authorized="True" />

For SharePoint 2007 or 2010

<authorizedType Assembly="System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" NameSpace="System.CodeDom" TypeName="CodeBinaryOperatorExpression" Authorized="True" />
<authorizedType Assembly="System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" NameSpace="System.CodeDom" TypeName="CodePrimitiveExpression" Authorized="True" />
<authorizedType Assembly="System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" NameSpace="System.CodeDom" TypeName="CodeMethodInvokeExpression" Authorized="True" />
<authorizedType Assembly="System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" NameSpace="System.CodeDom" TypeName="CodeMethodReferenceExpression" Authorized="True" />
<authorizedType Assembly="System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" NameSpace="System.CodeDom" TypeName="CodeFieldReferenceExpression" Authorized="True" />
<authorizedType Assembly="System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" NameSpace="System.CodeDom" TypeName="CodeThisReferenceExpression" Authorized="True" />
<authorizedType Assembly="System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" NameSpace="System.CodeDom" TypeName="CodePropertyReferenceExpression" Authorized="True" />

For more information regarding this issue, you can visit this MSDN Blog Post.
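
The procedure above as an added example, not code from the original article or from Microsoft: a Python check that reports which of the seven entries a web.config is missing and adds only those, so the change can be repeated safely across several web applications. It assumes the file has a targetFx element under the tree shown earlier; the function names missing_types and patch_config and the sample config are hypothetical and constructed for illustration.

```python
import xml.etree.ElementTree as ET

# The seven System.CodeDom types listed in the article.
REQUIRED = ["CodeBinaryOperatorExpression", "CodePrimitiveExpression",
            "CodeMethodInvokeExpression", "CodeMethodReferenceExpression",
            "CodeFieldReferenceExpression", "CodeThisReferenceExpression",
            "CodePropertyReferenceExpression"]
PATH = "System.Workflow.ComponentModel.WorkflowCompiler/authorizedTypes/targetFx"

def assembly_name(version):
    # "4.0.0.0" for SharePoint 2013 or newer, "2.0.0.0" for 2007/2010.
    return f"System, Version={version}, Culture=neutral, PublicKeyToken=b77a5c561934e089"

def missing_types(fx, version):
    """Required TypeNames that have no Authorized="True" entry under fx."""
    have = set()
    for el in fx.findall("authorizedType"):
        # Attribute names compared case-insensitively (the article writes NameSpace).
        a = {k.lower(): v for k, v in el.attrib.items()}
        if (a.get("assembly") == assembly_name(version)
                and a.get("namespace") == "System.CodeDom"
                and a.get("authorized", "").lower() == "true"):
            have.add(a.get("typename"))
    return [t for t in REQUIRED if t not in have]

def patch_config(xml_text, version):
    """Return (patched_xml, added_type_names); adds only what is missing.
    Raises ET.ParseError on malformed XML, e.g. curly quotes pasted from a web page."""
    root = ET.fromstring(xml_text)
    fx = root.find(PATH)  # first <targetFx> under the tree from the article
    if fx is None:
        raise ValueError("no <targetFx> found under " + PATH)
    added = missing_types(fx, version)
    for name in added:
        ET.SubElement(fx, "authorizedType", {
            "Assembly": assembly_name(version), "NameSpace": "System.CodeDom",
            "TypeName": name, "Authorized": "True"})
    return ET.tostring(root, encoding="unicode"), added

# Constructed sample: a cut-down web.config with one of the seven entries present.
SAMPLE = f"""<configuration><System.Workflow.ComponentModel.WorkflowCompiler>
<authorizedTypes><targetFx>
<authorizedType Assembly="{assembly_name('4.0.0.0')}" NameSpace="System.CodeDom"
 TypeName="CodeBinaryOperatorExpression" Authorized="True" />
</targetFx></authorizedTypes>
</System.Workflow.ComponentModel.WorkflowCompiler></configuration>"""

if __name__ == "__main__":
    patched, added = patch_config(SAMPLE, "4.0.0.0")
    print("added:", added)
```

ElementTree drops XML comments and the original formatting when it re-serializes, so run this against a copy of web.config and diff the result against the backup before applying it.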



6 Comments

  1. Rakhi October 3, 2018 at 9:59 am - Reply

    After adding the SharePoint 2013 code I get the error below when going to the site. Anyone else experienced this?

    500 – Internal server error.

    There is a problem with the resource you are looking for, and it cannot be displayed.

    • Robert Russell October 3, 2018 at 10:51 am - Reply

      Just to confirm, did you add the SharePoint 2013 code directly under this section in your web.config?

      <configuration>

      <System.Workflow.ComponentModel.WorkflowCompiler>

      <authorizedTypes>

      <targetFx>

  2. Rakhi October 4, 2018 at 3:20 am - Reply

    I have tried in a few places after reading comments above. I have tried directly under the below and still get the same error.

    • Robert Russell October 4, 2018 at 6:09 am - Reply

      Are you using custom workflows? The above code is for the out-of-the-box workflows. If you have custom ones you may need to add additional code based on those workflows.

  3. Rakhi October 4, 2018 at 6:37 am - Reply

    Thanks Robert

    This is now working after IIS and server restart

    • Robert Russell October 4, 2018 at 6:44 am - Reply

      Thanks for the info. I’ll edit the article today to add a note about restarting.
