Security News > 2022 > February > Microsoft starts killing off WMIC in Windows, will thwart attacks

Exe in Windows Server in favor of Windows PowerShell, which also includes the ability to query Windows Management Instrumentation.
"The WMIC tool is deprecated in Windows 10, version 21H1 and the 21H1 General Availability Channel release of Windows Server. This tool is superseded by Windows PowerShell for WMI," explains the list of deprecated Window features.
As first noted by security researcher Grzegorz Tworek, Microsoft has now begun removing WMIC from Windows clients, starting with Windows 11 preview builds in the Dev channel.
BleepingComputer has independently confirmed that from at least build 22523 and later, WMIC is no longer available in Windows 11 preview builds in the 'Dev' channel, but Microsoft could have removed it in earlier builds.
We will likely see Microsoft expanding the deprecation of WMIC.exe to Windows 11 general release and possibly Windows 10 in the future.
Some legitimate Windows tools abused by threat actors include but are not limited to Microsoft Defender, Windows Update, CertUtil, and even the Windows Finger command.
News URL
Related news
- New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint (source)
- Microsoft lifts Windows 11 update block for some AutoCAD users (source)
- Microsoft replacing Remote Desktop app with Windows App in May (source)
- Microsoft: Recent Windows updates make USB printers print random text (source)
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)
- Microsoft: March Windows updates mistakenly uninstall Copilot (source)
- Microsoft fixes Windows update bug that uninstalled Copilot (source)
- Microsoft lifts Windows 11 upgrade block after Asphalt 8 crash fix (source)
- Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks (source)
- EncryptHub linked to MMC zero-day attacks on Windows systems (source)