Razer bug lets you become a Windows 10 admin by plugging in a mouse:
A Razer Synapse zero-day vulnerability has been disclosed on Twitter, allowing you to gain Windows admin privileges on a local computer simply by plugging in a mouse.
[...] When plugging in a Razer device into Windows 10 or Windows 11, the operating system will automatically download and begin installing the Razer Synapse software on the computer. Razer Synapse is software that allows users to configure their hardware devices, set up macros, or map buttons.
Security researcher jonhat discovered a zero-day vulnerability in the plug-and-play Razer Synapse installation that allows users to gain SYSTEM privileges on a Windows device quickly.
[...] When we plugged the Razer device into Windows 10, the operating system automatically downloaded and installed the driver and the Razer Synapse software.
Since the RazerInstaller.exe executable was launched via a Windows process running with SYSTEM privileges, the Razer installation program also gained SYSTEM privileges.
[...] When the Razer Synapse software is installed, the setup wizard allows you to specify the folder where you wish to install it. The ability to select your installation folder is where everything goes wrong.
When you change the location of your folder, a 'Choose a Folder' dialog will appear. If you press Shift and right-click on the dialog, you will be prompted to open 'Open PowerShell window here,' which will open a PowerShell prompt in the folder.
[...] As this PowerShell prompt is being launched by a process with SYSTEM privileges, the PowerShell prompt will also inherit those same privileges.
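A detection sketch for the behaviour the article describes, added here as an example and not part of the article or of any Razer or Microsoft code: it flags a command shell that runs as SYSTEM inside an interactive desktop session. Field names follow Sysmon Event ID 1 (process creation); the events, the placeholder paths and the `pnp-host.exe` parent name are constructed assumptions.

```python
import ntpath

# Shells a user could reach from a file dialog; extend for your environment.
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
SYSTEM_USER = "NT AUTHORITY\\SYSTEM"

def is_suspicious(event):
    """True when a shell runs as SYSTEM outside session 0 (the services session)."""
    image = ntpath.basename(event["Image"]).lower()
    return (
        image in SHELLS
        and event["User"].upper() == SYSTEM_USER
        and int(event["TerminalSessionId"]) != 0
    )

def triage(events):
    """Return (parent, child, session) for each suspicious process creation."""
    return [
        (ntpath.basename(ev["ParentImage"]),
         ntpath.basename(ev["Image"]),
         int(ev["TerminalSessionId"]))
        for ev in events
        if is_suspicious(ev)
    ]

# Constructed sample events; "<placeholder>" stands for paths the article does not give.
SAMPLE_EVENTS = [
    # Installer started as SYSTEM on the user's desktop: not a shell, not flagged.
    {"Image": r"C:\<placeholder>\RazerInstaller.exe",
     "ParentImage": r"C:\<placeholder>\pnp-host.exe",
     "User": r"NT AUTHORITY\SYSTEM", "TerminalSessionId": "1"},
    # Shell opened from the installer's folder dialog: SYSTEM in session 1, flagged.
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\<placeholder>\RazerInstaller.exe",
     "User": r"NT AUTHORITY\SYSTEM", "TerminalSessionId": "1"},
    # Ordinary user shell: not flagged.
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "User": r"DESKTOP\alice", "TerminalSessionId": "1"},
    # Service-context shell in session 0: not flagged.
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\System32\services.exe",
     "User": r"NT AUTHORITY\SYSTEM", "TerminalSessionId": "0"},
]

if __name__ == "__main__":
    for parent, child, session in triage(SAMPLE_EVENTS):
        print(f"SYSTEM shell in session {session}: {parent} -> {child}")
```

Administrative tools that deliberately start an interactive SYSTEM shell will match the same rule, so pair it with an allowlist of expected parent processes.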
(Score: 3, Interesting) by kazzie on Monday August 23 2021, @10:03AM (4 children)
Well there was an option of enabling user logons in Windows 95, but it could be bypassed by pressing Escape at the login dialog.
(Score: 2) by Freeman on Monday August 23 2021, @01:30PM (1 child)
That's a helpful feature . . .
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 2) by kazzie on Monday August 23 2021, @04:05PM
Yeah, all it really enabled was per-user configuration of desktop wallpaper, start menu, and My Documents path. Nothing security-related whatsoever.
(Score: 0) by Anonymous Coward on Tuesday August 24 2021, @01:07AM (1 child)
I remember the login prompt that you speak of but I'm certain that was a login window for 'Client for Microsoft Networks', not a computer login. Win95 is a single user OS so no login was ever needed.
(Score: 0) by Anonymous Coward on Wednesday August 25 2021, @01:54AM
Windows 95/98 are single-user OSes. By default, the login window was for the network client services and affected the selection of your roaming profile and that is it. In certain circumstances, you could set 95/98 to use user profiles, but that was relatively rare. In Windows 98 SE, they changed the default so that way logging in would change your profile and roaming profile. However, there was not the concept of separate users and the different settings between user profiles were limited beyond Microsoft customizing things like the wallpaper and a few other things because of that. It wasn't until XP, which had separate users in addition to the separate profiles, that dividing things up properly was more important.