Security: plug in a Razer mouse or keyboard and gain admin privileges in Windows 10
A worrying security flaw has been discovered in Razer Synapse software which can be exploited to gain administrator privileges in Windows 10. What is particularly concerning about this vulnerability -- aside from the fact that there is no patch available yet -- is that exploitation is possible by simply plugging in a Razer mouse, keyboard or dongle.
Pretty much the only thing that isn't disturbing about this security hole is that it is a local privilege escalation (LPE) vulnerability, meaning an attacker would need physical access to a system to exploit it. Nonetheless, the zero-day can be taken advantage of by anyone splashing out a few bucks on a cheap Razer peripheral.
- Microsoft quietly releases Windows Server 2022 with up to a decade of support
- Open-source tool can pull Microsoft Azure credentials from Windows 365 in plain text
- Shock! Another faulty Windows update! This time it is Alt-tab that is broken by KB5005033
The security bug is shockingly simple to exploit and essentially gives an attacker free rein to do whatever they want to a system. When a mouse, keyboard or dongle from Razer is connected to a computer, the software installer is automatically downloaded and run with SYSTEM privileges. During the installation, it is then possible to use the Windows context menu to open a PowerShell prompt and this will retain the same privileges, allowing for wide-ranging and dangerous commands to be executed.
The vulnerability was discovered by hacker jonhat (whose Twitter bio reads: "while true;do eat;sleep;hack;game;done"). He tweeted details of how to exploit the security flaw as well as a video of the attack in action:
He later tweeted to say that he had been contacted by Razer who assured him that the company's security team is busy working on a fix. Additionally, despite having publicly disclosed the security flaw, jonhat says that Razer offered him a bug bounty, although he did not go as far as sharing details of its size.