WiX v3.10.4 and WiX v3.11.1 released
Today, as we bid an indifferent farewell to the 12-month period known as 2017, we shipped WiX v3.10.4 and WiX v3.11.1 to mitigate a vulnerability in Burn. The vulnerability is a little tougher to exploit than the one fixed in WiX v3.10.2; this one requires already-running malicious code that’s specially-crafted to look for bundles that are running with elevated privileges.
As always, we recommend updating to the latest and greatest as soon as possible. Your users won’t thank you but they will yell if you left them vulnerable when you could’ve easily prevented it. The only change is this one small fix, so upgrade with a clear conscience.