Windows 11 discards WMIC (Windows Management Instrumentation Command-line) tool
In a significant move towards enhancing security and efficiency, Microsoft has announced that it will be phasing out the use of outdated tools like WMIC (Windows Management Instrumentation) and PowerShell 2.0 in the upcoming Windows 11 version 25H2. These tools, known as "Living Off the Land Binaries" (LOLBINs), are legitimate system tools that malware can exploit for malicious activities.
For years, Microsoft has been investing heavily in the development of PowerShell, a more modern and secure tool. PowerShell is set to take over all administrative tasks that were previously handled by WMIC. One of the key advantages of PowerShell is its ability to work with structured objects, unlike WMIC which returns data as strings that need analysis.
IT departments are advised to inventory all WMIC-dependent automations due to the removal of WMIC in Windows 11 version 25H2. Many standard tasks, including retrieving the serial number and querying installed software, will no longer work with WMIC in this version.
Microsoft will also be removing the outdated PowerShell 2.0 engine. PowerShell 2.0, declared obsolete in 2017 due to missing security features, will be removed from Windows 11 starting with version 24H2 in August 2025 and will also be removed from Windows Server in the September 2025 security update. Newer versions like PowerShell 5.1 and 7.x remain supported.
The transition phase for this change is expected to be intensive, requiring inventory, migration, and testing. The future of Windows command-line management belongs to PowerShell, and IT departments must undergo this transition to ensure a smooth operation.
Despite the removal of WMIC and PowerShell 2.0, the underlying Windows Management Instrumentation (WMI) infrastructure will remain in Windows 11. Microsoft recommends switching to PowerShell cmdlets like as a replacement for WMIC.
The example given for using PowerShell instead of WMIC is:
Modern PowerShell scripts are easier to maintain, more powerful, and more secure, making them a worthy replacement for WMIC. Removing WMIC and PowerShell 2.0 significantly reduces the attack surface of the operating system.
For those looking for guidance through this transition, Microsoft has made the free report "Windows 11 Complete Package" available. This report covers installation, data and program transfer, and key new features of Windows 11 25H2.
Starting with Windows 11 version 24H2, WMIC can still be added as an optional feature, but this option will be permanently removed in version 25H2. PowerShell 2.0 will be removed from Windows 11 24H2 and Windows Server 2025 starting in August and September 2025.
In conclusion, the shift from WMIC to PowerShell is an important step towards enhancing the security and efficiency of Windows 11. IT departments and users are advised to prepare for this transition to ensure a smooth operation.
%20tool){kind=link}