Aug 23 2021

This Mouse Gives you Admin on Windows

Category: Windows SecurityDISC @ 1:14 pm

Razer gaming mice come with a buggy installer. It starts automatically when you plug in one of Razer’s devices.

The installer runs as SYSTEM. And it lets you start a shell—which also runs as SYSTEM. A classic elevation-of-privilege bug. And one that’s incredibly simple to exploit.

DĂ©jĂ  vu? It’s like PrintNightmare all over again. In today’s SB Blogwatch, we point the fingers of blame.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: A VHS player with a window.

Not This One, That One

What’s the craic? Lawrence Abrams reports—“Become a Windows 10 admin by plugging in a mouse”:

It took us about two minutes”
Razer is a very popular computer peripherals manufacturer known for its gaming mouses and keyboards. When plugging in a Razer device into Windows 10 or Windows 11, the operating system will automatically download and begin installing the Razer Synapse software.
…
A zero-day vulnerability in the plug-and-play Razer Synapse installation … allows users to gain SYSTEM privileges [which is] the highest user rights available in Windows. … It took us about two minutes to gain SYSTEM privileges in Windows 10 after plugging in our mouse.
…
Razer has contacted the security researcher to let them know that they will be issuing a fix. … Razer also told the researcher that he would be receiving a bug bounty reward.

O RLY? Surur Davids adds—“All you need to gain admin privileges on Windows 10 is to plug in a Razer mouse”:

This Mouse Gives you Admin on Windows

Mastering Windows Security and Hardening: Secure and protect your Windows environment from intruders, malware attacks, and other cyber threats

Tags: Admin on Windows