security - Why running a service as Local System is bad on windows?

Question

I am trying to find out the difference between difference service account types. I tumbled upon this question.

The answer was because it has powerful access to local resources, and Network Service should be used if possible.

But still I am not able to understand that if it has powerful access to local resources, how attacker can access the account? What are the ways to compromise the account? I understood it is all about security, but I don't know how. It could be dark hacker's world, however anybody could explain, in simple terms, why network service account is better than local account ?

Thanks in advance.

Answer 1

Every program you run increases the attack surface of your server.

You have to assume that a determined, malicious actor can exploit bugs or loopholes in your program to make it do anything. You mitigate that by executing your programs with the least privileges required to do their jobs.

Some of these exploits include:

• Luring attacks, in which an attacker tricks your program into executing their code under the program's elevated privileges.

• Buffer Overrun Attacks, in which extra data sent to a method is written into adjacent memory, which may be the target of control flow logic.

• Man in the Middle attacks, where an attacker falsifies messages to your program.

Often, a given service isn't obviously vulnerable to any of these. Running under network service (or another account with reduced permissions) is a 'better safe than sorry' strategy that acknowledges two important facts of software development: programmers are fallible and attackers are inventive.