Microsoft is removing the Windows Management Instrumentation (WMIC) command-line tool, wmic.exe, from the latest preview builds of Windows 11 in the Dev channel.

WMIC.exe is a built-in Microsoft program that provides command-line access to the Windows Management Instrumentation.

Using this tool, administrators can query the operating system for detailed information about installed hardware and Windows settings, run management tasks, and even execute other programs or commands.

Microsoft announced last year that it had begun deprecating wmic.exe in Windows Server in favor of Windows PowerShell, which also includes the ability to query Windows Management Instrumentation.

“WMIC has been deprecated in Windows 10 version 21H1 and the 21H1 release of Windows Server General Availability Channel. This tool has been replaced by Windows PowerShell for WMI,” the company explains.

Now, from build 22523 onwards, WMIC is no longer available on Windows.

WMIC.exe is already being used by attackers for a wide range of malicious activities. For example, ransomware ransomware typically uses a command to delete volume shadow copies so that victims cannot use them to recover files. Other attackers used WMIC to request a list of installed antivirus programs and even remove them. It has also been seen using WMIC to add exclusions to Microsoft Defender so that their malware is not detected on startup.

bbabo.Net