Nssm224 Privilege Escalation Updated

Run icacls "C:\Path\To\nssm.exe" /grant "Administrators:F" /inheritance:r to set restrictive permissions.

2. Quote Service Paths

Check all services for missing quotes in the image path.

Action: Use PowerShell to identify risks:

The discovery of CVE-2024-51448 and the update to it serve as a critical reminder that convenience tools like NSSM 2.24 become security liabilities when file permissions are misconfigured. While NSSM itself is not inherently malicious, its integration into enterprise installers often inherits the "lazy" security posture of the parent application.

This is because newer Windows defenses like Safe DLL Search Mode do not block this if the working directory is first in the search order.

The service path contains spaces and lacks quotes, allowing a malicious executable to be placed earlier in the path.

Use Windows built-in tools or PowerShell to find services managed by NSSM or custom wrappers:

Check service ImagePath and account:

Understanding NSSM224 Privilege Escalation: Mechanism, Exploitation, and Mitigation

Executive Summary

Attackers can change the AppDirectory or AppParameters registry keys to force the service to run arbitrary code.

2. Updated Privilege Escalation Techniques (2026)

Several factors have pushed this specific search term back into the spotlight: