In this recipe, we will understand how an attacker gains an insight of escalating privileges through WMIC. WMIC extends for operation from several command-line interfaces and through batch scripts. WMI stands for Windows Management Instrumentation. WMIC can be used, apart from several things, to the patches that are installed on the system. To better understand it provides a list of all the details of the security patches installed during a Windows update or manual patches being put into place. They usually look like (KBxxxxx).
To demonstrate this, we will require a Windows 7 machine with a minimum of two cores. If we are testing it in the VM, we can set the number of cores to 2. The patch has to be missing as well for this recipe to work.