Security researchers have discovered a bug that gives you admin privileges in Windows 10 by simply plugging in a Razer device. The security flaw has to do with the Razer Synapse software that lets you configure your Razer devices, map buttons, set up macros, and more.
The bug was discovered by security researcher jonhat who found a zero-day vulnerability in the plug-and-play Razer Synapse installation that quickly gives you admin privileges in Windows 10.
Admin privileges are the highest level of user rights which let you take control of the whole system, letting you install or remove anything as you please, including malware. This also lets you perform any system-level command on the operating system.
How it Works
The way it works is that once you plug in a Razer mouse or keyboard into your PC, Windows Update will automatically download and install Razer Synapse. The RazerInstaller will be executed as SYSTEM once it’s done downloading.
The security researcher explains how the bug works in a short video in his tweet. Check it out below.
Need local admin and have physical access?
– Plug a Razer mouse (or the dongle)
– Windows Update will download and execute RazerInstaller as SYSTEM
– Abuse elevated Explorer to open Powershell with Shift+Right clickTried contacting @Razer, but no answers. So here’s a freebie pic.twitter.com/xDkl87RCmz
— jonhat (@j0nh4t) August 21, 2021
The tech news blog BleepingComputer has confirmed this security flaw by testing it on their own system. They simply plugged in a Razer mouse and discovered that they had obtained admin privileges within a few minutes.
The good news, however, is that the security researcher reached out to Razer and the company has said that their security team is working on a fix. This means that a security patch should be released soon.
I would like to update that I have been reached out by @Razer and ensured that their security team is working on a fix ASAP.
Their manner of communication has been professional and I have even been offered a bounty even though publicly disclosing this issue.
— jonhat (@j0nh4t) August 22, 2021