If you see nssm-2.24.exe , assume an attacker can become SYSTEM within minutes. Upgrade immediately, or remove it entirely in favor of native Windows tools like sc.exe or PowerShell’s New-Service .

Or via registry (if direct sc fails):

: Use sc qc [ServiceName] to check for unquoted paths or insecure binary locations.

sc sdset MyNSSMService "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"

A service is created using NSSM to run under the LocalSystem account.

: If a service created by NSSM has a path containing spaces and is not enclosed in quotation marks (e.g., C:\Program Files\My Service\nssm.exe

Nssm-2.24 Privilege Escalation !free! Jun 2026

If you see nssm-2.24.exe , assume an attacker can become SYSTEM within minutes. Upgrade immediately, or remove it entirely in favor of native Windows tools like sc.exe or PowerShell’s New-Service .

Or via registry (if direct sc fails):

: Use sc qc [ServiceName] to check for unquoted paths or insecure binary locations. nssm-2.24 privilege escalation

sc sdset MyNSSMService "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)" If you see nssm-2

A service is created using NSSM to run under the LocalSystem account. If you see nssm-2.24.exe

: If a service created by NSSM has a path containing spaces and is not enclosed in quotation marks (e.g., C:\Program Files\My Service\nssm.exe