Security News > 2022 > February > Microsoft starts killing off WMIC in Windows, will thwart attacks
Exe in Windows Server in favor of Windows PowerShell, which also includes the ability to query Windows Management Instrumentation.
"The WMIC tool is deprecated in Windows 10, version 21H1 and the 21H1 General Availability Channel release of Windows Server. This tool is superseded by Windows PowerShell for WMI," explains the list of deprecated Window features.
As first noted by security researcher Grzegorz Tworek, Microsoft has now begun removing WMIC from Windows clients, starting with Windows 11 preview builds in the Dev channel.
BleepingComputer has independently confirmed that from at least build 22523 and later, WMIC is no longer available in Windows 11 preview builds in the 'Dev' channel, but Microsoft could have removed it in earlier builds.
We will likely see Microsoft expanding the deprecation of WMIC.exe to Windows 11 general release and possibly Windows 10 in the future.
Some legitimate Windows tools abused by threat actors include but are not limited to Microsoft Defender, Windows Update, CertUtil, and even the Windows Finger command.
News URL
Related news
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- Microsoft fixes Remote Desktop issues caused by Windows Server update (source)
- Microsoft: Windows 11 22H2 Home and Pro reached end of servicing (source)
- Microsoft issues 117 patches – some for flaws already under attack (source)
- Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks (source)
- Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server (source)
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex (source)
- Microsoft blocks Windows 11 24H2 on two ASUS models due to crashes (source)
- Exploit released for new Windows Server "WinReg" NTLM Relay attack (source)