Nssm-2.24 Privilege Escalation //top\\ -

The directory where the nssm.exe binary or the target application executable resides has "Modify" or "Full Control" permissions granted to "Authenticated Users" or "Everyone."

: Version 2.24 was released in 2014 and remains the standard "stable" version bundled with many older applications. nssm-2.24 privilege escalation

: A program (like Apache CouchDB ) installs NSSM 2.24 into a directory where regular users have "Write" or "Modify" permissions. The directory where the nssm

NSSM allows users to install a service by specifying an application path (e.g., nssm install ServiceName "C:\Path\To\App.exe" ). While NSSM attempts to validate the executable, version 2.24 contains logic flaws regarding how it handles the executable path and command-line arguments passed to the Windows Service Control Manager (SCM). While NSSM attempts to validate the executable, version 2

In the world of Windows system administration, the is a beloved tool. It allows users to wrap any executable into a Windows service, ensuring applications restart automatically after crashes or reboots. However, security researchers have identified specific configurations and vulnerabilities within certain versions—most notably discussed around version 2.24—that can lead to Privilege Escalation (LPE) .

, have been observed using NSSM to create malicious services (e.g., "sysmon") that launch tunneling tools or establish persistence with elevated rights. Investigative & Security Steps To identify or prevent these issues, administrators should: Phoenix Contact

Typical exploitation scenarios