NSSM is a popular, lightweight tool used to turn Windows applications, scripts, and batch files into managed services. By managing the service lifecycle, it ensures applications restart automatically if they crash. However, older versions, specifically NSSM 2.24, have been associated with a critical vulnerability, Local Privilege Escalation (LPE), that can allow a low-privileged user to gain NT AUTHORITY\SYSTEM rights.
The official NSSM 2.24 bug list indicates that while 2.25 fixes many issues, 2.24 is susceptible to issues such as failing to launch if AppNoConsole is not set properly, which can sometimes lead to behavior that an attacker can exploit for persistence or escalation.
NSSM stores its configuration parameters within the Windows Registry under the following path: HKLM\SYSTEM\CurrentControlSet\Services\<ServiceName>\Parameters
NSSM allows a standard user (without admin rights) to install a service, but here lies the critical catch: on Windows. You cannot simply run nssm install from a command prompt as a standard user and succeed. Or so the logic goes.
The vulnerability involves manipulating the service configuration to execute commands with higher privileges than those granted to the user executing the NSSM service.
Understanding "NSSM-2.24 Privilege Escalation": Vulnerabilities, Mechanics, and Mitigation
The core issue across all these vulnerabilities is a fundamental failure of Windows NTFS file system security. Here is a step-by-step breakdown of a typical attack chain:
The most common privilege escalation involving NSSM 2.24 stems from "Unquoted Service Paths".
This is the most common real-world scenario. When an administrator installs NSSM or the application it wraps, they often place the binaries into custom directories (e.g., C:\Apps\MyService\).
Securing your environment against NSSM-related privilege escalation requires enforcing the principle of least privilege and maintaining software hygiene.

1. Enforce Strict Access Control Lists (ACLs)
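One way to check a host for the two conditions described above (unquoted service paths, and NSSM or wrapped-application binaries in directories that non-administrators can write to), as an added PowerShell example that is not from the original page or the NSSM project. It assumes the NSSM executable keeps the name nssm.exe and that the wrapped program is recorded in the Application value under the Parameters key; the list of trusted principals is a constructed starting point.

```powershell
# Added example (not NSSM project code): audit NSSM-wrapped services for
# unquoted ImagePaths and for binary directories writable by non-admins.
# Run elevated so every service key and ACL can be read.
$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
# Assumption: principals allowed to hold write access; adjust to local policy.
$trusted = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'NT SERVICE\TrustedInstaller'
# WriteData/AppendData (implied by Modify and FullControl) plus GENERIC_WRITE/GENERIC_ALL.
$writeMask = ([int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData') -bor 0x50000000
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

function Get-WritableBy([string]$Dir) {
    # Return the untrusted identities that can create or overwrite files in $Dir.
    if (-not $Dir -or -not (Test-Path -LiteralPath $Dir)) { return @() }
    @((Get-Acl -LiteralPath $Dir).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.PropagationFlags -band $inheritOnly) -eq 0) -and
        ($trusted -notcontains $_.IdentityReference.Value) -and
        (([int]$_.FileSystemRights -band $writeMask) -ne 0)
    } | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique)
}

# Services whose ImagePath points at nssm.exe (a renamed copy would be missed).
$services = Get-CimInstance Win32_Service | Where-Object { $_.PathName -match '\\nssm\.exe' }

$findings = foreach ($svc in $services) {
    $raw    = $svc.PathName
    $quoted = $raw -match '^\s*"([^"]+)"'
    # Executable path without arguments, whether or not it was quoted.
    $exe = if ($quoted) { $Matches[1] } else { $raw -replace '(?<=\.exe)\s.*$', '' }
    # Program that NSSM launches on behalf of the service.
    $app = (Get-ItemProperty -LiteralPath "$svcRoot\$($svc.Name)\Parameters" -ErrorAction SilentlyContinue).Application
    $dirs = @($exe, $app) | Where-Object { $_ } |
        ForEach-Object { [System.IO.Path]::GetDirectoryName($_) } | Sort-Object -Unique
    [pscustomobject]@{
        Service      = $svc.Name
        RunsAs       = $svc.StartName
        ImagePath    = $raw
        Unquoted     = (-not $quoted) -and ($exe -match '\s')
        WritableDirs = @($dirs | ForEach-Object { $d = $_; Get-WritableBy $d | ForEach-Object { "$d <- $_" } })
    }
}

# Report only services with at least one of the two weaknesses.
$findings | Where-Object { $_.Unquoted -or $_.WritableDirs } | Format-List
```

An empty result means no NSSM service on the host has an unquoted path or a binary directory writable by a principal outside the trusted list.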