Nssm224 Privilege Escalation - Updated //top\\
While there is no specific "NSSM 2.24" unique vulnerability ID, NSSM (Non-Sucking Service Manager) version 2.24 is frequently used in scenarios involving local privilege escalation (LPE) due to its role as a service wrapper and historical configuration issues . 1. Common Privilege Escalation Vectors
- Update nssm to version 2.24.0 or later: The latest version of nssm includes a fix for this vulnerability.
- Restrict access to the nssm service configuration directory: Ensure that only authorized users and services have write access to the
nssmservice configuration directory. - Monitor service configuration files: Regularly monitor service configuration files for suspicious changes.
Check service ImagePath and account:
- NSSM official documentation:
nssm.cc - ATT&CK Technique T1053.005 – Service Execution
- Microsoft Security Advisory for Service Permission Escalation (2024)
- 2025 Black Hat talk: “Non-Sucking Service Manager: Still Sucking at Privilege Separation”
In the context of privilege escalation, "creating a feature" refers to an attacker abusing the core functionality of NSSM—its ability to install and manage Windows services—to execute malicious code with higher-level permissions (e.g., NT AUTHORITY\SYSTEM Key exploit methods include: Binary Replacement (Service Sideloading): If the directory containing nssm224 privilege escalation updated
Introduction
For years, system administrators have relied on NSSM (Non-Sucking Service Manager) to run unstable or legacy batch scripts as robust Windows services. Its ability to monitor process health, restart crashed executables, and handle graceful shutdowns made it indispensable. While there is no specific "NSSM 2
have "Write" or "Modify" permissions on the folder containing Update Bundled Software: For products like Phoenix Contact, update to version or later to resolve hardcoded permission flaws. Transition to Modern Wrappers: Update nssm to version 2
Exploitation Details