The attacker waits for a reboot or uses wmic service to attempt a restart if they have the rights to do so. How to Mitigate NSSM-2.24 Risks
Writable service binary or helper
: A more recent vulnerability identified in products like Phoenix Contact Device and Update Management involves misconfigured permissions on nssm.exe specifically, allowing low-privileged local attackers to gain administrative access. Vulnerability Summary Table CVE-2016-8742 Detail - NVD nssm-2.24 privilege escalation