As we already explained on one occasion in this blog, Windows Management Instrumentation, WMI, is a technology owned by the company Microsoft®.

But there’s even more!

Things have changed and we are going to tell you all about it!

Do you already know what WMI is and why it will be discontinued?

WMIC was the WMI command-line utility, which provided an interface for the Distributed Component Object Model (DCOM) Remote Protocol.

This protocol, in turn, allows remote procedure calls (RPC) with a set of extensions overlaid on Microsoft Remote Procedure Call Extensions.

DCOM is used for communication between software components such as Pandora FMS and networked devices.

The benefits of monitoring are undeniable, and this type of technology (communication and connection protocols) is used to work, prevent problems and make progress.

However, it all depends on the use it is given:

In January 2021, the MITRE corporation registered the CVE-2021-26414 vulnerability, which acknowledges that it was possible to obtain the privileges of a normal user, that is, a user who is not an MS Windows® system administrator.

*Common Vulnerabilities and Exposures (CVE) is a U.S. government-registered list of information about known security vulnerabilities, in which each reference has a CVE-ID identification number.

Exploitation of this weakness does not happen by chance.

An attacker who manages to gain access never simply remains a normal user; they usually go on to become system administrators.

Thus, time and commitment are required to study the victim and achieve the task.

The company Microsoft®, concerned about the peace of mind of its customers, decided to publish and distribute the security patch called KB5004442 (February 2022), which strengthens user authentication.

As a result, WMIC is not able to connect, despite being a product from that same software vendor.

However, that’s actually a side effect, not the main reason why the WMIC software was discontinued.

For some time now, Microsoft has been progressively updating, removing and improving each of its components, and has even created new utilities.

This is the case of PowerShell, which will bear the new responsibilities inherited from WMIC from now on.

At Pandora FMS, always respecting our security architecture, we presented PandoraWMIC, improved software for the new WMI connection requirements that avoids this type of inconvenience, in both the Open version and the Enterprise version.

Absolutely no one is safe from security attacks. This is only a small corner of the whole picture.

You may check our official documentation on this topic:

https://pandorafms.com/manual/en/documentation/07_technical_annexes/15_security_architecture
