Nssm-2.24 Privilege Escalation Site

Writable service binary or helper

: Ensure all service binary paths are wrapped in double quotes. nssm-2.24 privilege escalation

Newer versions of NSSM (2.24 is the last stable release as of 2016; no official updates after) do not address these privilege escalation vectors. However, the problem is less about a bug in NSSM and more about combined with NSSM’s lack of built-in security hardening. Attackers target version 2.24 because: Writable service binary or helper : Ensure all

: Vulnerable because files inherited parent directory permissions, allowing non-privileged users to swap the service launcher. Wowza Streaming Engine : Allowed authenticated users to replace nssm_x64.exe to gain LocalSystem rights. National Institute of Standards and Technology (.gov) 2. Unquoted Service Path Vulnerability If NSSM is installed in a path containing spaces (e.g., C:\Program Files\App\nssm.exe ) and the service's Attackers target version 2

where nssm

Technical background (how unquoted service path LPE works)

When NSSM 2.24 is present, it is usually targeted via three common Windows service misconfigurations: Head Mare and Twelve: Joint attacks on Russian entities

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close