Security: plug in a Razer mouse or keyboard and gain admin privileges in Windows 10

By Sofia Elizabella Wyciślik-Wilson
Published 3 years ago

A worrying security flaw has been discovered in Razer Synapse software which can be exploited to gain administrator privileges in Windows 10. What is particularly concerning about this vulnerability -- aside from the fact that there is no patch available yet -- is that exploitation is possible by simply plugging in a Razer mouse, keyboard or dongle.

Pretty much the only thing that isn't disturbing about this security hole is that it is a local privilege escalation (LPE) vulnerability, meaning an attacker would need physical access to a system to exploit it. Nonetheless, the zero-day can be taken advantage of by anyone splashing out a few bucks on a cheap Razer peripheral.

See also:

The security bug is shockingly simple to exploit and essentially gives an attacker free rein to do whatever they want to a system. When a mouse, keyboard or dongle from Razer is connected to a computer, the software installer is automatically downloaded and run with SYSTEM privileges. During the installation, it is then possible to use the Windows context menu to open a PowerShell prompt and this will retain the same privileges, allowing for wide-ranging and dangerous commands to be executed.

The vulnerability was discovered by hacker jonhat (whose Twitter bio reads: "while true;do eat;sleep;hack;game;done"). He tweeted details of how to exploit the security flaw as well as a video of the attack in action:

Need local admin and have physical access?
- Plug a Razer mouse (or the dongle)
- Windows Update will download and execute RazerInstaller as SYSTEM
- Abuse elevated Explorer to open Powershell with Shift+Right click

Tried contacting @Razer, but no answers. So here's a freebie pic.twitter.com/xDkl87RCmz
— jonhat (@j0nh4t) August 21, 2021

He later tweeted to say that he had been contacted by Razer who assured him that the company's security team is busy working on a fix. Additionally, despite having publicly disclosed the security flaw, jonhat says that Razer offered him a bug bounty, although he did not go as far as sharing details of its size.

3 Comments

Security: plug in a Razer mouse or keyboard and gain admin privileges in Windows 10

3 Responses to Security: plug in a Razer mouse or keyboard and gain admin privileges in Windows 10

Recent Headlines

Firefox Nightly expands to Linux on ARM64

How writing zip support for Windows almost cost its creator his job at Microsoft

Apple AirPlay comes to IHG Hotels and Resorts

Millennials are key targets for phishing

Get 'Applied Machine Learning and AI for Engineers' (worth $67.99) for FREE

Best Windows apps this week

The dynamics of modern Windows device management [Q&A]

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.4.0 'pl'

Windows 11 slammed for its 'comically bad' performance even on high-end hardware

Outrageous: Microsoft to charge $61 for Windows 10 updates -- consider switching to Linux!

Microsoft 'improves' Windows 11 by bringing ads to the Start menu in the US

Microsoft is up to its old tricks yet again -- Windows 10 users harassed with full-screen Windows 11 upgrade warnings

The stunning Windows 13 -- yes, 13! -- is the Microsoft operating system we want

Easter giveaway! Get a licensed copy of 'VideoProc Converter for Windows/Mac' (worth $78.90) for FREE

EndeavourOS ARM discontinued: A huge loss for the Linux community