Microsoft .Net Framework security update

Recently Microsoft has released the September 2018 .NET Framework security updates to resolve CVE-2018-8421 (.NET Framework Remote Code Execution Vulnerability). When this update is applied to SharePoint on-premises environments, all SharePoint out-of-the-box and Nintex workflows will be impacted and may not run or fail to publish.  

Why are SharePoint workflows impacted when this security update is applied?

Workflow Foundation will only run SharePoint workflows when all dependent types and assemblies are authorized in the .NET config file so when this .net Framework security update is applied, some types that are used by SharePoint and Nintex workflow that were not previously required are now required.

How do I know if I am impacted?

You are impacted if you have applied the following .NET Framework security update to your SharePoint environment including 2007, 2010, 2013 and 2016. The following errors while using Nintex Workflows would have been encountered when executing or publishing workflows.

I am impacted, what do I need to do?

Microsoft has suggested a workaround, which is to add explicitly the types to all web application’s web.config and OWSTIMER.exe.config.

Refer to the following post which contains detailed steps of the workaround for Nintex workflows under the Additional Information section:

https://blogs.msdn.microsoft.com/rodneyviana/2018/09/13/after-installing-net-security-patches-to-add...

For SharePoint workflows, please refer to this Microsoft post: https://support.microsoft.com/en-us/help/4465015/sharepoint-workflows-stop-after-cve-2018-8421-secur...

I have questions about the remediation steps, who do I contact?

We advise to reach out to Microsoft Support.