Nssm-2.24 Privilege Escalation Fix Jun 2026

Use AppLocker or WDAC to block older versions of NSSM (hash-based rule for version 2.24).

This article dissects the mechanics of the NSSM 2.24 privilege escalation attack, why it works, and what happens when an attacker gains a foothold on a machine with this version installed. nssm-2.24 privilege escalation

Summary

The is a popular tool for running any application as a Windows service. While the tool itself is not inherently malicious, it is frequently exploited for Local Privilege Escalation (LPE) due to misconfigurations or unquoted service paths. Core Vulnerability: Unquoted Service Paths Use AppLocker or WDAC to block older versions

Modern service managers include safeguards against arbitrary binary replacement and insecure service configuration modification. NSSM 2.24, however, was designed for convenience—not security. Its core features that enable privilege escalation include: While the tool itself is not inherently malicious,

where nssm

If permissions are weak, the attacker renames the original nssm.exe and uploads a malicious executable with the same name.