Razer devices give you administrator rights in Windows 10
Razer devices give you administrator rights in Windows 10

The vulnerability in the software that installs Razer's peripherals (whether it's a mouse, keyboard, or any device that uses the Synapse utility) gives users full administrative rights to internal components of Windows 10.

Razer makes high-quality hardware for gamers, including mice, keyboards, and gaming chairs, and the Synapse utility allows users to configure hardware, configure macros, or map buttons.

And nothing prevents the vulnerability from allowing privilege elevation on Windows 11. Security researcher Junhat reported the vulnerability and tweeted about it after initially receiving no response from the company.

This tweet caught Razer's attention, telling manufacturer Jonhat that the security team is working hard to fix the issue as soon as possible. Although he found the error, he rewarded it.

The problem is that when a user logs into a Razer machine, Windows automatically receives an installer with the Synapse driver and utility.

Install Synapse and allow users to take system privileges on Windows PCs. In fact, as part of the installer, an Explorer window will open and the user will be asked where to install the driver.

System license is the highest user license level in Windows. With the system account, anyone can fully control the system. This means that it can view, change or delete data.

It is possible to create a new account with full user rights. You can also install any software or application including malware.

In other words, the Synapse installer runs with the highest permissions available in Windows 10. Since the RazerInstaller.exe executable is started by a Windows process running with system privileges, Razer Installer inherits the same administrative privileges.

Junhat detected that the Select Folder dialog is fired when the user changes the location of the default installation folder.

At this point, you can right-click on the installation window and hold down the Shift key, which will open PowerShell with the same elevated privileges.

When Jonhat did not receive a response from Razer, the researchers posted a video showing how the error occurred within about two minutes of logging into the station.

Razer Peripherals gives you Windows 10 administrator rights

Microsoft said it is aware of recent reports and is investigating the issue. "While this issue requires physical access to the target device, we are taking all necessary measures to protect our customers."

The vulnerability is not necessarily limited to Razer devices. Another user on Twitter claimed that the attack also applies to any ASUS ROG mouse.

Users responded to Junhat on Twitter. Armory Crate is a software portal that displays real-time performance and configuration information for connected devices used with ROG, TUF Gaming, and ASUS products.

A Razer spokesperson said, "We've been told that our software gives users broader access to devices during the installation process for very specific use cases. We've researched the issue and are currently working on installing the app to make changes to limit this use case. We'll post an updated version soon."

"Using our software (including installing applications) does not provide unauthorized third party access to the device," he added. We are committed to ensuring the digital security of all of our systems and services. If you come across potential vulnerabilities, we recommend that you report them via the bug bounty service.

Previous Post Next Post