On the 21st of August, Twitter user jonhat shared that Razer peripherals give users admin rights on Windows 10.
Need local admin and have physical access?
– Plug a Razer mouse (or the dongle)
– Windows Update will download and execute RazerInstaller as SYSTEM
– Abuse elevated Explorer to open Powershell with Shift+Right click
— jonhat (@j0nh4t) August 21, 2021
Zero-Day Security Vulnerability
Razer's device installer software gives users full admin privileges on Windows 10. Plugging in a Razer peripheral triggers the download and installation of the Razer Synapse software. Because the installer is launched by a Windows process, it runs with SYSTEM privileges.
SYSTEM rights are the highest level of privilege on Windows, so a user who obtains them gains full control over the data. This is potentially dangerous, as someone might install malware on the device.
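For defenders, the chain described above leaves a recognizable trace in process-creation logs: a command shell running as SYSTEM that descends from the installer. The following detection sketch is an added example, not code from Razer or the researcher; the event records are constructed and simplified from Sysmon-style process-creation fields, and the file name RazerInstaller.exe and its path are assumptions based on the tweet.

```python
import ntpath

SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
SYSTEM_USER = "NT AUTHORITY\\SYSTEM"

def base(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path).lower()

def find_system_shells(events, installers=("razerinstaller.exe",), max_depth=8):
    """Return (shell_event, installer_event) pairs where a shell running as
    SYSTEM has one of the given installers among its ancestors."""
    by_pid = {e["ProcessId"]: e for e in events}
    findings = []
    for ev in events:
        if base(ev["Image"]) not in SHELLS or ev["User"].upper() != SYSTEM_USER:
            continue
        seen, pid = set(), ev["ParentProcessId"]
        # Walk up the parent chain; the depth bound and seen-set guard
        # against PID reuse or loops in incomplete logs.
        for _ in range(max_depth):
            parent = by_pid.get(pid)
            if parent is None or pid in seen:
                break
            if base(parent["Image"]) in installers:
                findings.append((ev, parent))
                break
            seen.add(pid)
            pid = parent["ParentProcessId"]
    return findings

# Constructed sample records (not real telemetry); paths are placeholders.
EVENTS = [
    {"ProcessId": 900, "ParentProcessId": 4, "User": SYSTEM_USER,
     "Image": r"C:\Windows\System32\svchost.exe"},
    {"ProcessId": 4120, "ParentProcessId": 900, "User": SYSTEM_USER,
     "Image": r"C:\example\RazerInstaller.exe"},
    {"ProcessId": 5236, "ParentProcessId": 4120, "User": SYSTEM_USER,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    # Ordinary user shell whose parent is not in the log: must not be flagged.
    {"ProcessId": 6100, "ParentProcessId": 3000, "User": "DESKTOP-1\\alice",
     "Image": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for shell, inst in find_system_shells(EVENTS):
        print(f"ALERT pid={shell['ProcessId']} {base(shell['Image'])} as SYSTEM, "
              f"ancestor {base(inst['Image'])} (pid {inst['ProcessId']})")
```

The ancestor walk also catches a shell started from another shell that itself came from the installer, which a direct parent-child rule would miss.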
For now, it is unclear whether the bug affects Windows 11, too.
The company is aware of the vulnerability and is working to resolve it.
A spokesperson said: “We have investigated the issue, are currently making changes to the installation application to limit this use case, and will release an updated version shortly. The use of our software (including the installation application) does not provide unauthorized third-party access to the machine.”
They encouraged users to report all similar cases through their bug bounty service, Inspectiv.
Twitter user jonhat – the one who initially discovered the issue – also confirmed that the Razer team has contacted him. They reassured him that they are working on a solution. Furthermore, they have offered him a bounty.