Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 19 submissions in the queue.

Razer Bug Lets You Become a Windows 10 Admin by Plugging in a Mouse

posted by Fnord666 on Monday August 23 2021, @04:46AM   Printer-friendly
from the Razer-should've-read-the-email dept.

upstart writes:

Razer bug lets you become a Windows 10 admin by plugging in a mouse:

A Razer Synapse zero-day vulnerability has been disclosed on Twitter, allowing you to gain Windows admin privileges on a local computer simply by plugging in a mouse.

[...] When plugging in a Razer device into Windows 10 or Windows 11, the operating system will automatically download and begin installing the Razer Synapse software on the computer. Razer Synapse is software that allows users to configure their hardware devices, set up macros, or map buttons.

Security researcher jonhat discovered a zero-day vulnerability in the plug-and-play Razer Synapse installation that allows users to gain SYSTEM privileges on a Windows device quickly.

[...] When we plugged the Razer device into Windows 10, the operating system automatically downloaded and installed the driver and the Razer Synapse software.

Since the RazerInstaller.exe executable was launched via a Windows process running with SYSTEM privileges, the Razer installation program also gained SYSTEM privileges

[...] When the Razer Synapse software is installed, the setup wizard allows you to specify the folder where you wish to install it. The ability to select your installation folder is where everything goes wrong.

When you change the location of your folder, a 'Choose a Folder' dialog will appear. If you press Shift and right-click on the dialog, you will be prompted to open 'Open PowerShell window here,' which will open a PowerShell prompt in the folder

]...] As this PowerShell prompt is being launched by a process with SYSTEM privileges, the PowerShell prompt will also inherit those same privileges.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Razer Bug Lets You Become a Windows 10 Admin by Plugging in a Mouse | Log In/Create an Account | Top | 29 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by ElizabethGreene on Monday August 23 2021, @07:05PM

    by ElizabethGreene (6748) on Monday August 23 2021, @07:05PM (#1169974) Journal

    No, really what the desired behavior should be is that said component adheres to standards which means that the machine doesn't need to download and install special anything to run it, just a standards-compliant driver.

    I couldn't agree more on that. If you're picking hardware please do this. Since printers are what I'm heads-down on right now then a big plug for Type 4 printer drivers that do this.

    To your second point, one person's useless feature is another's killer app. On the opposite side of the coin one OS manufacturer's attempt to standardize drivers is another's "parasite monopoly closed ecosystem". Are there any win-win solutions in that kind of problem? I don't know.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2