Executive Risk Summary
"The WiX toolset's custom action behind `RemoveFolderEx` functionality allows a standard user to delete protected directories, potentially leading to unauthorized access and data loss. This vulnerability is fixed in WiX toolset versions 3.14.1 and 4.0.5."
Operational Audit Arsenal
Target Type Executable
Target Asset Windows Installer
Standard Path %windir%\System32\msiexec.exe
PowerShell
# 🛠️ Senior Engineer Universal Audit
# Target: Windows Installer (Executable)
$Targets = 'Windows Installer'
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")
Get-ChildItem -Path $SearchPaths -Include $Targets -Recurse -ErrorAction SilentlyContinue |
Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}Patch Impact Forecast
Reboot Required Unlikely
Installation services may be affected
Internal Work Notes
Apply WiX toolset updates to prevent unauthorized directory deletion and potential data loss.
Technical Intelligence & Operational Utilities • Delivered Weekly
Intelligence Sources
Official Advisoryhttps://github.com/wixtoolset/issues/security/advisories/GHSA-jx4p-m4wm-vvjg
Official Advisoryhttps://github.com/wixtoolset/wix/commit/2e5960b575881567a8807e6b8b9c513138b19742
Official Advisoryhttps://github.com/wixtoolset/wix3/commit/93eeb5f6835776694021f66d4226c262c67d487a
Official Advisoryhttps://github.com/wixtoolset/issues/security/advisories/GHSA-jx4p-m4wm-vvjg
Official Advisoryhttps://github.com/wixtoolset/wix/commit/2e5960b575881567a8807e6b8b9c513138b19742
Official Advisoryhttps://github.com/wixtoolset/wix3/commit/93eeb5f6835776694021f66d4226c262c67d487a
Related Microsoft Threats
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.