Microsoft announced today at its Build 2026 developer conference the release of Coreutils for Windows, bringing many commonly used Linux command-line utilities to Windows as native applications.
The project is based on the open-source uutils project, a cross-platform rewrite of the GNU coreutils in Rust, and is designed to make it easier for developers to switch between Linux, macOS, Windows, and Windows Subsystem for Linux (WSL) without changing workflows.
"Developers constantly move between platforms, but familiar commands don't work consistently, forcing workarounds, lost speed and context switching," announced Microsoft.
"To address this, we've built Coreutils for Windows from the uutils open-source project, a cross-platform reimplementation of GNU Coreutils in Rust. These are Linux-like command-line utilities that run natively on Windows."
According to Microsoft, the goal is to make existing commands and tools work across platforms so that scripts can be used on Windows without modification or other tools.
The Coreutils for Windows project has also been released on GitHub as a Microsoft-maintained package that combines uutils/coreutils, findutils, and a GNU-compatible grep implementation into a single binary.
Linux utilities running natively on Windows
Coreutils for Windows includes numerous commands commonly used in Linux, such as cat, cp, find, grep, hostname, ls, mv, pwd, rm, sleep, tee, and uptime.
The utilities can be installed through WinGet using the following command:
winget install Microsoft.Coreutils
Rather than creating separate executables for each program, Microsoft created a single coreutils.exe binary that contains all the functionality of each program.
When Coreutils for Windows is installed, the setup creates NTFS hardlinks for each supported command, such as ls.exe, cp.exe, cat.exe, and rm.exe, that all point to the c:\Program Files\coreutils\coreutils.exe executable.
When a user launches one of these commands, Windows loads coreutils.exe, which determines which utility to run based on the name of the command that was executed. This allows Microsoft to maintain a single executable while still providing individual Linux-style commands.
Running fsutil hardlink list coreutils.exe shows dozens of command names, including cat.exe, cp.exe, cut.exe, base64.exe, and others, all referencing the same file on disk.
Coreutils using NTFS hardlinks to map commands to binary
As many Linux command names conflict with existing Command Prompt and PowerShell commands, Microsoft shared a compatibility table showing how each utility behaves in different Windows shells.
For example, commands such as ls, cat, cp, mv, rm, pwd, sleep, and tee are included with the package.
However, whether the Coreutils version is executed depends on the shell being used, the order of directories in the system PATH, and the PowerShell alias table.
Other commands, including dir, more, paste, and whoami, are not shipped because they conflict with existing Windows commands.
Microsoft also did not release several popular Unix utilities that rely on POSIX functionality, which is unavailable on Windows, including chmod, chown, chroot, nohup, tty, and who.
The company says they also did not release the 'kill' or 'timeout' commands, as Windows does not support POSIX signals, though this may be possible in the future.
Microsoft also warns that there may be differences between Linux functionality and how commands work in Windows due to differences in line feeds, file permissions, and POSIX support.
Coreutils for Windows was announced as part of Microsoft's strategy to make Windows a developer-friendly platform.
During Build 2026, the company also announced WSL containers, which will provide a built-in way to create, run, and interact with Linux containers on Windows using native CLI and API tools.
Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.
This guide covers the 6 surfaces you actually need to validate.
Lawrence Abrams is the owner and Editor in Chief of BleepingComputer.com. Lawrence's area of expertise includes Windows, malware removal, and computer forensics. Lawrence Abrams is a co-author of the Winternals Defragmentation, Recovery, and Administration Field Guide and the technical editor for Rootkits for Dummies.
Post a Comment Community Rules
You need to login in order to post a comment
Not a member yet? Register Now
<small>Source: Bleeping Computer</small>
