Aug 23 2021

This Mouse Gives you Admin on Windows

Category: Windows SecurityDISC @ 1:14 pm

Razer gaming mice come with a buggy installer. It starts automatically when you plug in one of Razer’s devices.

The installer runs as SYSTEM. And it lets you start a shell—which also runs as SYSTEM. A classic elevation-of-privilege bug. And one that’s incredibly simple to exploit.

DĂ©jĂ  vu? It’s like PrintNightmare all over again. In today’s SB Blogwatch, we point the fingers of blame.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: A VHS player with a window.

Not This One, That One

What’s the craic? Lawrence Abrams reports—“Become a Windows 10 admin by plugging in a mouse”:

It took us about two minutes”
Razer is a very popular computer peripherals manufacturer known for its gaming mouses and keyboards. When plugging in a Razer device into Windows 10 or Windows 11, the operating system will automatically download and begin installing the Razer Synapse software.
A zero-day vulnerability in the plug-and-play Razer Synapse installation … allows users to gain SYSTEM privileges [which is] the highest user rights available in Windows. … It took us about two minutes to gain SYSTEM privileges in Windows 10 after plugging in our mouse.
Razer has contacted the security researcher to let them know that they will be issuing a fix. … Razer also told the researcher that he would be receiving a bug bounty reward.

O RLY? Surur Davids adds—“All you need to gain admin privileges on Windows 10 is to plug in a Razer mouse”:

This Mouse Gives you Admin on Windows

Mastering Windows Security and Hardening: Secure and protect your Windows environment from intruders, malware attacks, and other cyber threats

Tags: Admin on Windows