SYSTEM privilege is the highest practical local security context on Windows. It sits above standard administrator rights and gives code broad control over the operating system, including services, drivers, protected processes, and many security settings. When a process runs as SYSTEM, it can usually access resources that normal users and even admins cannot modify directly.
Attackers often target SYSTEM after gaining an initial foothold because it turns a limited local compromise into full host control. Many Windows privilege-escalation bugs, especially in kernel-adjacent drivers and file-system components, are valuable precisely because they can elevate a user process to SYSTEM. Defenders look for unusual SYSTEM processes, suspicious token or handle manipulation, unexpected service creation, and file-system activity around sensitive components. In practice, preventing SYSTEM compromise means hardening the local attack surface, patching elevation-of-privilege flaws quickly, and treating any path to SYSTEM as a critical security boundary.



