WiX v3.10.4 and WiX v3.11.1 are important security releases of WiX. We strongly encourage all users of WiX to upgrade to WiX v3.11.1. If you must remain on a WiX v3.10 release, we highly recommend upgrading to WiX v3.10.4.

This security release addresses a DLL hijacking vulnerability in Burn introduced in WiX v3.10.2—ironically while fixing a more prevalent DLL hijacking vulnerability. This vulnerability differs from the previous vulnerability as it requires malicious code to already be executing. Thus it is not a remote execution vulnerability but can be used to escalate privileges.

The fix is a small code change to protect bundles when launched elevated. There are no additional changes.


Download WiX v3.10.4 here.

Download WiX v3.11.1 here.