Bug in Razer mouse software allows Windows administrator privileges
Although Microsoft works tirelessly to remove this stigma, Windows still retains the image of an operating system that is often all too easy to compromise. Many such exploits occur on the remote side when people click on suspicious links or download software from unofficial sources.
However, there comes a point when it becomes almost too easy to hack, such as when you plug in your Razer mouse, which in turn triggers a process that allows almost anyone with physical access to a computer to gain system-level administrative privileges.
Windows users are used to the "Plug and Play" concept where new peripherals "just work" when plugged in. This usually uses a program that automatically runs to download and install device drivers and to configure the PC to recognize the external device. This system is used by almost all known Windows accessories, suggesting that this particular zero-day vulnerability is not exclusive to Razer.
What makes the issue more serious is that Razer's Synapse software installation program makes the process all too easy. Synapse is an application that allows users to customize Razer hardware with advanced features such as key and button remapping. The Synapse installer automatically launches when you plug in your Razer mouse, and that's where the error crept in.
The RazerInstaller.exe program naturally runs with system-level privileges to make any changes to a Windows PC. However, it also allows the user to open a File Explorer instance with the same privileges and run PowerShell, which will allow them to do anything they want with the system, including installing malware. After getting no response from Razer, security researcher @j0nh4t decided to publicly disclose the vulnerability.
Need local admin and have physical access?
- jonhat (@j0nh4t) August 21, 2021
- Plug a Razer mouse (or the dongle)
- Windows Update will download and execute RazerInstaller as SYSTEM
- Abuse elevated Explorer to open Powershell with Shift+Right click
Tried contacting @Razer, but no answers. So here's a freebie pic.twitter.com/xDkl87RCmz
The good news is that this exploit requires the attacker to physically access the target computer with Windows and a Razer mouse. The latter, of course, is sold at every turn and is not difficult to buy. Breaking the silence, Razer has acknowledged the bug and promised to release a fix as soon as it can, though it still raises questions about how many installers have similar security holes.
Source: @j0nh4t
