Ensure that only SYSTEM and Administrators have write access to the directory where nssm.exe is stored.
It is known to leak thread handles during application restarts, which can eventually lead to system instability. nssm-2.24 exploit
This misconfiguration allowed an attacker with write permissions to any directory along the path hierarchy to plant a malicious executable that would be executed with the service's privileges (often SYSTEM level) before the legitimate nssm.exe was loaded. The Odoo exploit is documented in Exploit-DB and serves as a cautionary example for administrators deploying NSSM in directory paths containing spaces. Ensure that only SYSTEM and Administrators have write
The vulnerability in NSSM-2.24 arises from a flawed handling of service configuration files. Specifically, the software fails to properly validate user input when parsing service configuration files, allowing an attacker to inject malicious commands. This can lead to privilege escalation, as the service manager runs with elevated privileges. The Odoo exploit is documented in Exploit-DB and
def exploit_nssm(): # Replace with your malicious executable path malicious_executable = "C:\\path\\to\\malicious.exe"