Nssm224 Privilege Escalation Updated

version 2.24, a popular Windows tool used to run applications as services. Although NSSM 2.24 has been a standard release for years, recent security advisories in 2024 and 2025 have highlighted critical privilege escalation risks when it is bundled with other software. National Institute of Standards and Technology (.gov) Review of NSSM 2.24 Privilege Escalation Risks

If the command returns any IdentityReference entries besides SYSTEM or Administrators with write permissions, the binary is vulnerable.

Avoid configuring NSSM services to run as NT AUTHORITY\SYSTEM . Instead, create a dedicated, low-privileged Managed Service Account (MSA) tailored strictly to the application's operational needs. nssm224 privilege escalation updated

If you have permission to restart the service, do so. If not, wait for a system reboot. sc stop sc start Use code with caution. Copied to clipboard

If an administrator installs NSSM 2.24 and grants write permissions ( Modify , Full Control , or WriteData ) to unprivileged user groups (like Authenticated Users or Everyone ) on either the application directory or the registry keys, the system becomes vulnerable. Because Windows services typically run under high-privilege accounts like SYSTEM , compromising the service configuration leads directly to full local administrator access. Common Exploitation Vectors version 2

Q: How can I mitigate the NSSM224 privilege escalation vulnerability? A: To mitigate the NSSM224 privilege escalation vulnerability, update NSSM224 to the latest version, implement security controls, and use security software.

To secure systems running NSSM 2.24, follow these updated best practices: Avoid configuring NSSM services to run as NT

The executable or its directory allows write access ( W or F ) for Authenticated Users or Users groups. 2. Enumeration (Finding the Target)