NSSM 2.24 Privilege Escalation

NSSM (the Non-Sucking Service Manager) is a popular, lightweight tool used to turn Windows applications, scripts, and batch files into managed services. By managing the service lifecycle, it ensures applications restart automatically if they crash. However, older versions, specifically NSSM 2.24, have been associated with a critical Local Privilege Escalation (LPE) vulnerability that can allow a low-privileged user to gain NT AUTHORITY\SYSTEM rights.

If the attacker has write access to the service configuration (often misconfigured in legacy systems), they can proceed.

The attacker runs:

Root cause

Security breaches resulting from such vulnerabilities can lead to regulatory compliance violations (GDPR, HIPAA, PCI-DSS, etc.), with associated financial penalties and reputational damage.

Note: This information is for educational and defensive purposes only.

On a vulnerable system, this file will be created by SYSTEM. On a patched system, NSSM will reject the change due to validation errors.

Tags: #Windows #PrivilegeEscalation #NSSM #InfoSec

    net stop <service_name>
    net start <service_name>

If NSSM 2.24 is installed to manage a service, and the service's executable path contains spaces but is not enclosed in quotes, a local attacker can exploit this.

In a locked-down environment, the user cannot start the service themselves. However, an attacker can simply wait for the server to reboot (or trigger a crash/reboot via another vector), at which point the service starts automatically.