Privilege Escalation | Nssm-2.24

When NSSM 2.24 is present, it is usually targeted via three common Windows service misconfigurations: Head Mare and Twelve: Joint attacks on Russian entities

nssm set <service_name> Application "C:\temp\malware.exe" nssm-2.24 privilege escalation

), Windows may attempt to execute files at each space-separated segment. An attacker with write access to the root or parent directory can place a malicious executable (like C:\Program.exe SYSTEM privileges when the service restarts. Insecure File Permissions When NSSM 2

: A more recent vulnerability identified in products like Phoenix Contact Device and Update Management involves misconfigured permissions on nssm.exe specifically, allowing low-privileged local attackers to gain administrative access. Vulnerability Summary Table CVE-2016-8742 Detail - NVD When NSSM 2.24 is present