Plug in a mouse or keyboard and get Windows administrator privileges for a computer? This is the security hole a security researcher discovered inside Razer's Synapse software.
Razer Synapse is software that lets you customize the buttons and RGB LEDs on Razer peripherals. Widely used by gamers across the planet, it is affected by an easily exploitable security vulnerability. Discovered by @j0nh4t, who detailed the manipulation on Twitter, the flaw gives access to administrator privileges under Windows simply by plugging in a keyboard or mouse.
Need local admin and have physical access?
- Plug a Razer mouse (or the dongle)
- Windows Update will download and execute RazerInstaller as SYSTEM
- Abuse elevated Explorer to open Powershell with Shift+Right click
Tried contacting @Razer, but no answers. So here's a freebie pic.twitter.com/xDkl87RCmz
- jonhat (@j0nh4t) August 21, 2021
When you connect a Razer device to a PC, Windows offers to install Razer Synapse and launches the executable with SYSTEM privileges. It is then possible to change the software installation folder and, from there, open PowerShell with a few clicks; that PowerShell window also opens with administrator privileges. Any command can therefore be executed on the computer.
Windows PowerShell starts with administrator privileges. © @j0nh4t
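Detection logic for the behaviour described above, as an added example that is not from the original article or from the researcher: it walks the parent chain of each process-creation record and flags a command shell running as SYSTEM that descends from the installer. The event records and their field names are constructed for illustration, and the `RazerInstaller.exe` file name is an assumption based on the name given in the tweet.

```python
# Added example. Records below are constructed, not a real log schema.
SYSTEM = "NT AUTHORITY\\SYSTEM"
SHELLS = {"powershell.exe", "cmd.exe"}
INSTALLER_PREFIX = "razerinstaller"  # name from the tweet; exact file name assumed

# Constructed sample process-creation events.
EVENTS = [
    {"pid": 900,  "ppid": 4,    "image": "svchost.exe",        "user": SYSTEM},
    {"pid": 4120, "ppid": 900,  "image": "RazerInstaller.exe", "user": SYSTEM},
    {"pid": 5230, "ppid": 4120, "image": "powershell.exe",     "user": SYSTEM},
    {"pid": 5300, "ppid": 5230, "image": "whoami.exe",         "user": SYSTEM},
    {"pid": 3000, "ppid": 2800, "image": "explorer.exe",       "user": "DESKTOP\\alice"},
    {"pid": 3100, "ppid": 3000, "image": "powershell.exe",     "user": "DESKTOP\\alice"},
    # SYSTEM shell with no installer ancestor: out of scope for this rule.
    {"pid": 6100, "ppid": 900,  "image": "powershell.exe",     "user": SYSTEM},
]

def ancestors(pid, by_pid):
    """Yield the parent chain of pid; stop at unknown parents or loops.
    PID reuse is ignored here (assumption: events cover one short window)."""
    seen = set()
    cur = by_pid.get(pid)
    while cur and cur["ppid"] in by_pid and cur["ppid"] not in seen:
        seen.add(cur["ppid"])
        cur = by_pid[cur["ppid"]]
        yield cur

def find_installer_shells(events):
    """Return one alert per SYSTEM shell that has the installer as an ancestor."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if e["image"].lower() not in SHELLS or e["user"].upper() != SYSTEM:
            continue
        chain = [a["image"] for a in ancestors(e["pid"], by_pid)]
        hit = next((i for i in chain if i.lower().startswith(INSTALLER_PREFIX)), None)
        if hit:
            alerts.append({"pid": e["pid"], "shell": e["image"],
                           "installer": hit, "chain": chain})
    return alerts

if __name__ == "__main__":
    for alert in find_installer_shells(EVENTS):
        print("ALERT: SYSTEM shell under installer:", alert)
```
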
There is no need to worry too much, however: nothing can be done remotely, and an attacker has to be physically present in front of the computer to exploit this bug. Razer has nonetheless stated that it is in the process of correcting the flaw and will be offering an update shortly. @j0nh4t was contacted by the manufacturer and received a reward for reporting the problem.
So remember to install the next updates to Razer Synapse if you are using the software.