I am not sure if this is just our install or the default way the install is run.
Most common high risk vuln in the organization: Simplehelp EXE can be replaced by anyone.
Path : c:\programdata\jwrapper-remote access\jwappssharedconfig\restricted\simpleservice.exe
Used by services : Remote Access Service
File write allowed for groups : Everyone
Full control of directory allowed for groups : Everyone
First, why is this such an issue. With “everyone” listed with full control of the exe, and the exe is a service, ANYONE can replace the simplehelp exe with a file of their choosing and just rename it, running whatever they want(think malware, virus, etc) as a service automatically.
We talked to support and are told that the newest installer does not have this issue, it was fixed in 5.3.
They told us there is 2 options,
Make sure to send in a support ticket. This is a user forum for community support and is not monitored by SimpleHelp Staff.
We did send in a ticket and talk to support, see the previous reply.
This is a security vulnerability that their updater does not fix and I found no mention of this in any documentation, so it is a community issue. Everyone with an install prior to 5.3 should be checking their permissions on the folder/file mentioned above and remediating themselves.
Got it. Sorry somehow I missed the second part. 
While the permissions issue was addressed for newer service installs in v5.3, we’ve made a change to v5.3.5 that will have the service modify the installation permissions of pre-existing services. Once services update, the permissions should be fixed automatically.
The changes I mentioned yesterday are now live in SimpleHelp 5.3.5.
Remote Support
Remote Access
Monitoring and Management
Presentation
Remote Work
Standard
Business
Enterprise