Restrict write access to the service parameters registry key for non-admin users:
NSSM version 2.24 is vulnerable to local privilege escalation when installed with insecure file permissions, allowing low-privileged users to replace the executable and run malicious code as SYSTEM. The vulnerability stems from Weak Service Permissions where attackers modify the service binary path, requiring remediation via strict Access Control List (ACL) configuration on the executable directories. For more information, visit the official nssm.cc documentation. nssm-2.24 privilege escalation
Attackers typically target NSSM-managed services through the following methods: Unquoted Service Paths Draft: Privilege Escalation via NSSM 2
When NSSM 2.24 is present, it is usually targeted via three common Windows service misconfigurations: Head Mare and Twelve: Joint attacks on Russian entities visit the official nssm.cc documentation.