
A Razer Synapse zero-day vulnerability has been disclosed on Twitter, allowing you to gain Windows admin privileges simply by plugging in a Razer mouse or keyboard.

Razer is a very popular computer peripherals manufacturer known for its gaming mice and keyboards. When plugging in a Razer device into Windows 10 or Windows 11, the operating system will automatically download and begin installing the Razer Synapse software on the computer. Razer Synapse is software that allows users to configure their hardware devices, set up macros, or map buttons. Razer claims that their Razer Synapse software is used by over 100 million users worldwide.

Security researcher jonhat discovered a zero-day vulnerability in the plug-and-play Razer Synapse installation that allows users to gain SYSTEM privileges on a Windows device quickly. SYSTEM privileges are the highest user rights available in Windows and allow someone to perform any command on the operating system. Essentially, if a user gains SYSTEM privileges in Windows, they attain complete control over the system and can install whatever they want, including malware.

After not receiving a response from Razer, jonhat disclosed the zero-day vulnerability on Twitter yesterday and explained how the bug works with a short video.

jonhat:
Need local admin and have physical access?
Windows Update will download and execute RazerInstaller as SYSTEM
Abuse elevated Explorer to open Powershell with Shift+Right click

It should be noted that this is a local privilege escalation (LPE) vulnerability, which means that you need to have a Razer device and physical access to a computer. With that said, the bug is easy to exploit, as you just need to spend $20 on Amazon for a Razer mouse and plug it into Windows 10 to become an admin.

Getting SYSTEM privileges by plugging in a mouse

As BleepingComputer has a Razer mouse available, we decided to test out the vulnerability and have confirmed that it took us about two minutes to gain SYSTEM privileges in Windows 10 after plugging in our mouse. To test this bug, we created a temporary 'Test' user on one of our Windows 10 computers with standard, non-administrator privileges, as shown below.

As explained by Will Dormann, a Vulnerability Analyst at the CERT/CC, similar bugs are likely to be found in other software installed by the Windows plug-and-play process.

Many vulnerabilities fall into the class of "How has nobody realized this before now?" If you combine the facts of "connecting USB automatically loads software" and "software installation happens with privileges", I'll wager that there are other exploitable packages out there.
