An attacker can place a malicious program.exe in C:\ or nssm.exe in C:\Program Files\. When the service restarts, Windows may execute the attacker's file instead of the intended one, granting SYSTEM privileges.
Exploitation in the Wild
NSSM is a highly popular open-source utility designed to run any standard executable or script as a native Windows service.
If you are a system administrator or a security professional, understanding how this privilege escalation works is critical for securing Windows environments.
What is NSSM-2.24?
C:\ProgramData\... or C:\Program Files\... with weak permissions
Full system takeover (Vertical Privilege Escalation)
Detection: EDR alerts for nssm.exe in unusual paths like \Windows\tmp\
Prevention & Mitigation
The Non-Sucking Service Manager (NSSM) version 2.24 is susceptible to a Local Privilege Escalation (LPE) vulnerability. NSSM is a utility used to wrap arbitrary applications as Windows Services. Due to insufficient sanitization of the application path and arguments when installed as a service, a local attacker can manipulate the service binary path to execute arbitrary code with SYSTEM privileges.
💡 Use accesschk.exe from the Sysinternals suite to quickly identify any services with weak permissions in your environment.
NSSM (Non-Sucking Service Manager) version 2.24 (and possibly prior versions)
where nssm
Restrict write access for standard users on directories containing service executables.