: Attackers check the Application registry value to find the exact binary NSSM is calling. Security researchers from MDSec have documented similar "junction" and "symbolic link" attacks in Windows services to redirect file operations, which can be applied to NSSM's file logging features.
The service path contains spaces and lacks quotes, allowing a malicious executable to be placed earlier in the path. nssm224 privilege escalation updated