SteelSeries software makes you Windows 10 admin with or without a real device
2021-08-24 18:54

The official app for installing SteelSeries devices on Windows 10 can be exploited to obtain administrator rights, a security researcher has found.

A real SteelSeries device is not necessary to exploit the bug.

Playing with a recently acquired SteelSeries keyboard on Monday, the researcher discovered a privilege escalation vulnerability that allowed him to run the Command Prompt in Windows 10 with admin privileges.

A real SteelSeries device is not necessary for this attack to work.

Amer told BleepingComputer that he tried informing SteelSeries about the vulnerability but could not find a public bug bounty program or a contact for product security.

An attacker could save the vulnerable signed executable dropped in the temporary folder when plugging in a SteelSeries device and serve it in a DNS poisoning attack.


News URL

https://www.bleepingcomputer.com/news/security/steelseries-software-makes-you-windows-10-admin-with-or-without-a-real-device/