Security News > 2022 > February > Microsoft starts killing off WMIC in Windows, will thwart attacks
Exe in Windows Server in favor of Windows PowerShell, which also includes the ability to query Windows Management Instrumentation.
"The WMIC tool is deprecated in Windows 10, version 21H1 and the 21H1 General Availability Channel release of Windows Server. This tool is superseded by Windows PowerShell for WMI," explains the list of deprecated Window features.
As first noted by security researcher Grzegorz Tworek, Microsoft has now begun removing WMIC from Windows clients, starting with Windows 11 preview builds in the Dev channel.
BleepingComputer has independently confirmed that from at least build 22523 and later, WMIC is no longer available in Windows 11 preview builds in the 'Dev' channel, but Microsoft could have removed it in earlier builds.
We will likely see Microsoft expanding the deprecation of WMIC.exe to Windows 11 general release and possibly Windows 10 in the future.
Some legitimate Windows tools abused by threat actors include but are not limited to Microsoft Defender, Windows Update, CertUtil, and even the Windows Finger command.
News URL
Related news
- EncryptHub linked to MMC zero-day attacks on Windows systems (source)
- Microsoft: Recent Windows updates cause Remote Desktop issues (source)
- Microsoft fixes printing issues caused by January Windows updates (source)
- Microsoft: New Windows scheduled task will launch Office apps faster (source)
- Microsoft fixes Remote Desktop issues caused by Windows updates (source)
- Microsoft's killing script used to avoid Microsoft Account in Windows 11 (source)
- Microsoft tests new Windows 11 tool to remotely fix boot crashes (source)
- New Windows 11 trick lets you bypass Microsoft Account requirement (source)
- Microsoft adds hotpatching support to Windows 11 Enterprise (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)