Наши партнеры
# Start or restart the nssm service to execute the payload net start nssm
Attackers can change the AppDirectory or AppParameters registry keys to force the service to run arbitrary code. 2. Updated Privilege Escalation Techniques (2026)
Consider deploying application whitelisting (e.g., Windows Defender Application Control or AppLocker) to allow only signed or trusted binaries to execute. This can prevent a malicious replacement of nssm.exe from ever running, even if the file is replaced. nssm224 privilege escalation updated
Version of NSSM is the last stable release before the fix was introduced in the 2.25 pre‑release builds. Despite its age, NSSM 2.24 remains embedded in thousands of software installers, internal corporate scripts, and third‑party products — making the vulnerability particularly widespread.
sc sdset MyService D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU) # Start or restart the nssm service to
This guide breaks down the mechanics of NSSM privilege escalation, explains how to identify weak service permissions, and details remediation steps to secure your environment. What is NSSM and Why is it Targeted?
If the service runs as SYSTEM, an attacker with write access to C:\ or C:\Program Files\ can place a malicious Program.exe or Files.exe . When the service starts, the attacker’s binary executes with SYSTEM rights. This can prevent a malicious replacement of nssm
If an administrator misconfigures the registry ACLs—granting write access to non-administrative users on the service's subkeys—an attacker can change the Application value to point to C:\Windows\System32\cmd.exe or a custom backdoor.
Create a or a standard Managed Service Account (MSA) .
Related search suggestions (You may ignore these or use them to run further research.)
, use NSSM 2.24 to create persistent malicious services named "sysmon" or "edge.exe" to launch tunneling tools like for remote access. National Institute of Standards and Technology (.gov) Recent Vulnerability: CVE-2025-41686 A critical flaw (
