CATEGORIES
home News

Embarrassing Razer Software Exploit Gives Full Windows 10 Admin Access

by Brandon HillMonday, August 23, 2021, 10:11 AM EDT
razer wireless hero
We often cover vulnerabilities in Windows 10 that involve convoluted methods of gaining admin access to systems using privilege escalation. However, the latest exploit involving software for Razer products is facepalm-worthy in its sheer simplicity.

In this case, the problem stems from Razer's Synapse software, which configures its peripherals like gaming mice and keyboards. This software can adjust macros, program mouse buttons, and control your RGB lighting. However, security researcher jonhat revealed via Twitter that an unscrupulous person with a Razer mouse or keyboard could gain SYSTEM access to a Windows 10 (or Windows 11) PC simply by plugging the device into the target PC.

When a Razer peripheral (or dongle) is first plugged into a Windows 10 (or Windows 11) PC, the operating system will automatically attempt to download the requisite Synapse software to enable full functionality. The operating system then runs RazerInstaller.exe with SYSTEM privileges, prompting you to select a folder for the installation. However, while within File Explorer, you can press Shift + right click with your mouse to reveal "Open PowerShell Windows" in the resulting dropdown menu.

Within PowerShell, you can type "whoami' which then presents "nt authority\system", confirming full SYSTEM privileges to execute commands.

While this exploit is bad enough given its simplicity, the problem is made worse by Razer's initial response; or rather lack of response. According to jonhat, he reached out to Razer privately to disclose the security issue, but they didn't bother acknowledging his discovery.

Given the non-response, jonhat decided to go public with his findings, which seems to have awakened the security team within Razer. He posted an update saying that not only did the security team reach out to him, but they are working on a fix that will be incorporated into a future software update. Perhaps even better for jonhat, Razer is offering him a bounty for the bug discovery even though he already spilled the beans to the public.

Tags:  Microsoft, security, Razer, Windows 10, windows 11
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment