SteelSeries devices can also make you an administrator in Windows 10
Windows 10 users are being haunted by security vulnerabilities. Earlier this week it was discoveredthat connecting a Razer mouse to a Windows 10 PC could easily allow a user to gain admin rights on that PC. Now a similar story is happening with SteelSeries peripherals.
Inspired by a discovery earlier this week, security researcher Lawrence Amer tried to find a similar vulnerability in SteelSeries peripherals on Windows 10. When a SteelSeries keyboard is plugged in, Windows attempts to install the SteelSeries GG app, which is used to control certain features of SteelSeries peripherals, such as RGB backlighting. As with Razer, this installer is run by a trusted SYSTEM user with administrator privileges.
However, unlike Razer's Synapse software, the SteelSeries GG software installation initially occurs without giving users the option to select a folder to save files. And it was the folder selection that caused the first vulnerability to be exploited. The first installer extracts additional installation files to the specified location, and then the extracted installer runs as well.
At some point the second installer predictably presents the user with a license agreement. This page contains a link to the full agreement on the SteelSeries website. If the user has not already installed a default browser, Windows 10 will prompt the user to select an application to open the link, and if they select Internet Explorer, the browser will launch under the user's SYSTEM, as will the installer. At this point, the attacker has only to attempt to save the current web page, which opens a File Explorer window where he needs to select a location to save the file.
The next process is the same as in the case of the Razer vulnerability. This File Explorer window allows anyone to easily launch the command line window with administrative privileges and users can perform any action from there.
The discovery of these vulnerabilities in Windows 10 seems likely to "open the floodgates." Besides Razer and SteelSeries peripherals, other brands probably have similar software with similar vulnerabilities in the ideology itself. Chances are pretty good that we'll be hearing a lot of similar stories in the near future.
Source: bleepingcomputer