!!link!! - Nssm-2.24 Privilege Escalation

To prevent your NSSM installation from becoming a gateway for attackers, follow these security best practices: 1. Audit File System Permissions

, have been observed using NSSM to create malicious services (e.g., "sysmon") that launch tunneling tools or establish persistence with elevated rights. Investigative & Security Steps To identify or prevent these issues, administrators should: Phoenix Contact nssm-2.24 privilege escalation

Privilege escalation typically occurs not because of a bug in NSSM, but because of misconfigurations in the services it creates. In many cases, these misconfigurations allow a low-privileged user to gain SYSTEM or Administrator access. 1. Unquoted Service Paths To prevent your NSSM installation from becoming a

A simple PoC to demonstrate the flaw (assuming you have nssm 2.24.exe in the current directory and a standard user account): Or check the registry directly:

Furthermore, specific to NSSM 2.24, the tool allows the modification of the AppParameters or Application registry keys (located at HKLM\SYSTEM\CurrentControlSet\Services\ServiceName\Parameters ) without strict integrity checks if the attacker has sufficient privileges to modify the service configuration (often achievable via standard user rights if service permissions are misconfigured).

Or check the registry directly: