You are patching your SharePoint Farm as you should. Protect, defend and update is what a great SharePoint Administrator should do.

However, this time you update and while after the reboot everything looks to be working… something has gone terribly wrong, all your workflows fail.

SharePoint logs will show something like the following:

*09/13/2018 01:59:07.57 w3wp.exe (0x1868) 0x22FC SharePoint Foundation Workflow Infrastructure **72fs** Unexpected RunWorkflow: Microsoft.SharePoint.SPException: <Error><CompilerError Line=”-1″ Column=”-1″ Text=”Type**System.CodeDom.CodeBinaryOperatorExpression is not marked as authorized in the application configuration file.”** /><CompilerError Line=”-1″ Column=”-1″*

The patch is related to the .NET security remote code execution vulnerability CVE-2018-8421, which is of course serious and one should patch.

However, after reading up a little, the vulnerability has not been publicly disclosed or even exploited yet, so very unlikely to be used by an attacker at this very moment.

We now know that the .NET config is changed and since SharePoint Workflow relies heavily on that configuration we can see where this is heading.

Essentially, the changes are not good and while they might be needed, they cause more damage than resolve harm.

These are the Windows Update patches to avoid

KB4457026

KB4457045

KB4457034

KB4457035

KB4457056

KB4457131

And they affect SharePoint 2013 and SharePoint 2016.

While there is a fix, it has not been a conclusive one with mixed results.  We suggest avoiding the updates until they themselves are updated and ready.

More info can be found here or watch the video here.