Security Issue in Windows Workflow Foundation

Windows Workflow Foundation (WF) has a serious issue that means it is incompatible with the FIPS security standard; an important standard to many. When you run application based on WF on a secure system the workflow application will crash. (http://support.microsoft.com/kb/928833/)

The only workaround seems to be to disable security for the components of the application that use WF. I would imagine that Vendors who have based their applications entirely on WF are going to have a tough time explaining this to their customers. It appears that Microsoft has plans to correct the issue in WF v4 so for some – this will mean waiting until the next release to use applications that rely on WF.

Bob posted at 2009-10-9 Category: Active Directory | Tags:

5 Responses Leave a comment

  1. #1Steve @ 2009-10-9 12:00

    Does this mean that SharePoint workflow, Dynamics CRM, and Forefront Identity Manager will crash on FIPS machines? They all use Windows Workflow.

  2. Bob Bobel @ 2009-10-10 06:45

    That is a really good question.

  3. #2Dave @ 2009-10-10 19:47

    It looks like this has been fixed since .NET 3.0 SP1 for WCF and WF
    http://blogs.thinktecture.com/cweyer/archive/2008/01/16/415099.aspx

    Dave

  4. #3caius @ 2009-10-11 06:38

    Bob, this issue was already resolved in November 2007 with the .net framework 3.0 sp1.

    http://support.microsoft.com/kb/945826

  5. #4Bob Bobel @ 2009-10-12 06:30

    Your links mention Windows Communciation Foundation (WCF) – not Windows Workflow Fodation – (WF)

    WF is broken until WF 4.0.

Leave a Reply

(Ctrl + Enter)