NSSM-2.24 Privilege Escalation

There are two primary vectors through which an attacker uses NSSM to escalate privileges:

1. Insecure File and Folder Permissions (Weak ACLs)

The NSSM-2.24 privilege escalation vulnerability highlights the importance of continuous security assessment and timely patching of software. By understanding the technical details of the vulnerability and implementing the recommended mitigations, organizations can protect their systems from potential exploitation. It is crucial for users of NSSM to stay informed about security updates and to follow best practices for securing service management configurations.

Using accesschk.exe from Sysinternals or PowerShell, the attacker checks if they have SERVICE_CHANGE_CONFIG or WRITE_DAC rights.

Manually verify and correct permissions on nssm.exe installations:

Version 2.24 was released in 2014 and remains the standard "stable" version bundled with many older applications.

Look for nssm.exe in the path or the Parameters\Application registry key.

The next step is checking the permissions of the directory where the service executable is stored. If the "Authenticated Users" or "Users" group has write access, the system is vulnerable.

Tool: icacls "C:\Path\To\Service"

3. The Swap

Ensure you are using the latest version of the utility, though the underlying issue is often a configuration error.

While NSSM 2.24 is not vulnerable to the classic unquoted service path in its own code, it creates services that are. If an administrator uses NSSM to install a service with a path like C:\Program Files\MyApp\app.exe, and C:\Program Files\MyApp is writable by a non-admin user, an attacker can replace app.exe with a malicious binary.
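
For administrators auditing their own hosts, the checks described above (find NSSM-wrapped services through the Parameters\Application value, then inspect the ACLs on the binaries and their directories) can be combined into one script. This is an added example, not code from the original page or from the NSSM project; the SID list, the write-rights mask and the function name Get-WeakAce are assumptions made for the illustration.

```powershell
# Added audit example, not from the original page. Run from an elevated prompt.
# Assumption: NSSM keeps the wrapped program's path in
#   HKLM:\SYSTEM\CurrentControlSet\Services\<name>\Parameters\Application
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Well-known SIDs (names are localized, SIDs are not): Authenticated Users,
# BUILTIN\Users, plus Everyone (added here; the page names only the first two).
$lowPrivSids = 'S-1-5-11', 'S-1-5-32-545', 'S-1-1-0'

# Bits that allow replacing or planting a file: specific write/delete/DACL/owner
# rights plus GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000).
$fsr = [System.Security.AccessControl.FileSystemRights]
$writeMask = [int]($fsr::WriteData -bor $fsr::AppendData -bor $fsr::Delete -bor
    $fsr::ChangePermissions -bor $fsr::TakeOwnership) -bor 0x40000000 -bor 0x10000000

# Hypothetical helper: returns Allow ACEs that give a low-privileged SID write access.
function Get-WeakAce {
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return }
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier]) | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $lowPrivSids -contains $_.IdentityReference.Value -and
            ([int]$_.FileSystemRights -band $writeMask) -ne 0
        }
}

$findings = foreach ($svc in Get-ChildItem $servicesKey -ErrorAction SilentlyContinue) {
    $image = (Get-ItemProperty -LiteralPath $svc.PSPath -ErrorAction SilentlyContinue).ImagePath
    # Keep only services whose ImagePath launches an nssm*.exe wrapper.
    if (-not ($image -match '^\s*"?([^"]*?nssm[^"\\]*\.exe)')) { continue }
    $nssmExe = $Matches[1]
    $app = (Get-ItemProperty -LiteralPath "$($svc.PSPath)\Parameters" -ErrorAction SilentlyContinue).Application

    # Check each binary and the directory that holds it.
    $targets = @($nssmExe, $app) | Where-Object { $_ } |
        ForEach-Object { $_; Split-Path -Path $_ -Parent } | Select-Object -Unique
    foreach ($t in $targets) {
        foreach ($ace in Get-WeakAce -Path $t) {
            [pscustomobject]@{
                Service  = $svc.PSChildName
                Path     = $t
                Identity = $ace.IdentityReference.Value
                Rights   = $ace.FileSystemRights
            }
        }
    }
}
$findings | Sort-Object Service, Path | Format-Table -AutoSize
```

Each row is a file or directory tied to an NSSM-managed service that a low-privileged group can modify. Inherit-only ACEs on a directory are reported too, since they apply to files created beneath it.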