SteelSeries bug gives Windows 10 admin rights by plugging in a device
The official app for installing SteelSeries devices on Windows 10 can be exploited to obtain administrator rights, a security researcher has found.
A real SteelSeries device is not necessary to exploit the bug.
Playing with a recently acquired SteelSeries keyboard on Monday, the researcher discovered a privilege escalation vulnerability that allowed him to run the Command Prompt in Windows 10 with admin privileges.
A real SteelSeries device is not necessary for this attack to work.
Amer told BleepingComputer that he tried informing SteelSeries about the vulnerability but could not find a public bug bounty program or a contact for product security.
An attacker could save the vulnerable signed executable dropped in the temporary folder when plugging in a SteelSeries device and serve it in a DNS poisoning attack.