A service account is a special type of account that serves a specific purpose for services, and ultimately, applications in the environment. These special-purpose Active Directory accounts are also the subject of cybersecurity risks. A Windows Service is not run interactively by an end-user who logs into the Windows system, it needs to have a Windows service account to allow the service to run under a specific user’s context with special permissions. Using the special LocalSystem account for a service is a dual-edged sword. Choosing the right type of Windows Service account to run a service running under the right on the local computer where the service will run.
Source: https://thehackernews.com/2021/02/learn-how-to-manage-and-secure-active.html