SoylentNews is people
SoylentNews
Razer bug lets you become a Windows 10 admin by plugging in a mouse:
A Razer Synapse zero-day vulnerability has been disclosed on Twitter, allowing you to gain Windows admin privileges on a local computer simply by plugging in a mouse.
[...] When plugging in a Razer device into Windows 10 or Windows 11, the operating system will automatically download and begin installing the Razer Synapse software on the computer. Razer Synapse is software that allows users to configure their hardware devices, set up macros, or map buttons.
Security researcher jonhat discovered a zero-day vulnerability in the plug-and-play Razer Synapse installation that allows users to gain SYSTEM privileges on a Windows device quickly.
[...] When we plugged the Razer device into Windows 10, the operating system automatically downloaded and installed the driver and the Razer Synapse software.
Since the RazerInstaller.exe executable was launched via a Windows process running with SYSTEM privileges, the Razer installation program also gained SYSTEM privileges
[...] When the Razer Synapse software is installed, the setup wizard allows you to specify the folder where you wish to install it. The ability to select your installation folder is where everything goes wrong.
When you change the location of your folder, a 'Choose a Folder' dialog will appear. If you press Shift and right-click on the dialog, you will be prompted to open 'Open PowerShell window here,' which will open a PowerShell prompt in the folder
]...] As this PowerShell prompt is being launched by a process with SYSTEM privileges, the PowerShell prompt will also inherit those same privileges.
(Score: 5, Insightful) by Fluffeh on Monday August 23 2021, @06:24AM (4 children)
This is exactly what I was thinking.
Plug in a device, enable pre-installed generic windows software for that type of device. If it wants to install new software, it should ask permission.
Even if you put security to the side for a moment (just for a moment), what's to stop shitware/bloatware/crapware being installed on my damned system as a user? Sometimes I prefer my mouse to be treated just as a basic mouse - and not install it's own super duper mouse software with it. If I want the fancy stuff, I can either install it myself, or ALLOW the software to be installed. What's to stop the "mouse software" also installing something to constantly drops ads into my system.
Now, back to the security. What the hell... This sounds like a security nightmare that's about to be revisited by the folks in Microsoft in some hurriedly organised meetings.
(Score: 4, Touché) by Opportunist on Monday August 23 2021, @07:22AM
Why do you think that's a bug and not a feature? At least according to your corporate overlords.
(Score: 5, Interesting) by looorg on Monday August 23 2021, @09:11AM (1 child)
Isn't, or wasn't, this the standard previously to Win10/11? It would look at what is already on the system and run some default generic stuff and if you wanted to get all the bells and whistles you would have to run that separately afterwards. I recall mice previously just working but if I wanted to turn on/off the lights, reconfigure all the buttons and add various other things I had to install some manufacturer software specific to the mouse. It was not automagically installed.
(Score: 1, Interesting) by Anonymous Coward on Monday August 23 2021, @11:00AM
It did a sort of hybrid. It would install the generic driver that fits the class of device and then look for a more specific driver from their online update system to install if enabled. If that driver had other support software listed or certain other criteria were hit, it would prompt you to install it. If you didn't or if the online search was disabled, then it would pop up a notification about installing the correct driver every time the hardware was redetected.
(Score: 2) by edIII on Tuesday August 24 2021, @07:41PM
We're talking about one of the holes on the pasta strainer that is Microsoft Security. I have a thumbdrive that will give me admin on any Windows machine from a simple reboot. Easiest money I ever made was rescuing some business owner from a disgruntled employee that locked up their MS Server. I was done in literally 5 minutes and out the door for lunch.
They must be smoking good shit at those meetings and laughing their asses off. It's not like I've seen Microsoft actually secure anything in the last 10 years since those meetings should've started in earnest.
Technically, lunchtime is at any moment. It's just a wave function.