Security News > 2021 > August > Windows 10 Admin Rights Gobbled by Razer Devices
A zero-day bug in the device installer software for Razer peripherals - be they a Razer mouse, keyboard or any device that uses the Synapse utility - gives the plugger-inner full admin rights on Windows 10, just by inserting a compatible peripheral and downloading Synapse.
Need local admin and have physical access?- Plug a Razer mouse- Windows Update will download and execute RazerInstaller as SYSTEM- Abuse elevated Explorer to open Powershell with Shift+Right click.
The plug-and-play Razer Synapse installation then allows users to gain SYSTEM privileges on the Windows device lickety-split, since, as part of the setup routine, it opens an Explorer window that prompts the user to specify where the driver should be installed.
Exe executable was launched via a Windows process running with SYSTEM privileges, the Razer installation program inherited those same Admin privileges.
BleepingComputer had a Razer mouse kicking around, so the outlet tested out the vulnerability and quickly confirmed the zero day, managing to gain SYSTEM privileges in Windows 10 within about 2 minutes of plugging it in.
As BleepingComputer pointed out, it can be as easy as spending ~$24 on a Razer mouse and plugging it into Windows 10 to become an admin.
News URL
https://threatpost.com/windows-10-admin-rights-razer-devices-mouse-peripherals/168855/
Related news
- Windows 10 KB5041580 update released with 14 fixes, security updates (source)
- New Windows 10 22H2 beta fixes memory leaks and crashes (source)
- Windows 10 KB5041582 update released with 5 changes and fixes (source)
- Windows 10 KB5043064 update released with 6 fixes, security updates (source)
- Microsoft says it broke some Windows 10 patching – as it fixes flaws under attack (source)
- Windows 10 KB5043131 update released with 9 changes and fixes (source)