Razer Synapse is generally a decent piece of software, and the company makes some of the best gaming mice. However, the software has a new zero-day vulnerability that allows just about anyone to gain admin rights on a computer by simply plugging in a mouse or keyboard.
Razer’s Zero-Day Vulnerability
The vulnerability was first discovered by security researcher jonhat and posted on Twitter. It was then tested and verified by Bleeping Computer. The publication was able to confirm that the vulnerability does exist.
All you need to do is plug in a Razer mouse, dongle, or keyboard. Next, Windows 10 will download and execute RazerInstaller as SYSTEM, which grants full privileges. From there, you can use the elevated Explorer to open PowerShell with a keyboard shortcut. Once that’s done, the sky’s the limit in terms of what you can do on the computer.
Need local admin and have physical access?
– Plug a Razer mouse (or the dongle)
– Windows Update will download and execute RazerInstaller as SYSTEM
– Abuse elevated Explorer to open Powershell with Shift+Right click
— jonhat (@j0nh4t) August 21, 2021
Obviously, this vulnerability requires the person to physically be near the computer to plug in a Razer peripheral, so it’s not the kind of threat you need to worry about being exploited remotely. Still, anything that can grant an unauthorized person full access to a computer without permission is something that needs to be taken seriously and fixed quickly.
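One way to spot the chain described above in process-creation logs (an added example, not code from this article, Razer, or the researcher): it flags a shell running as SYSTEM whose ancestor is the installer. The Sysmon-style field names, the `RazerInstaller.exe` image name, the `C:\Example` path, and the sample events are assumptions constructed for illustration.

```python
import ntpath

SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
SYSTEM_USER = "NT AUTHORITY\\SYSTEM"
# Assumption: the installer's image name contains the "RazerInstaller" string
# the article mentions; extend the tuple to cover other vendor installers.
INSTALLER_MARKERS = ("razerinstaller",)

def image_name(path):
    # ntpath splits on backslashes, so this works on any host OS.
    return ntpath.basename(path or "").lower()

def installer_ancestor(event, by_guid):
    """Walk parent links; return the first ancestor that is a marked installer."""
    seen = set()
    parent = by_guid.get(event.get("ParentProcessGuid"))
    while parent and parent["ProcessGuid"] not in seen:
        seen.add(parent["ProcessGuid"])  # guard against malformed parent loops
        if any(m in image_name(parent["Image"]) for m in INSTALLER_MARKERS):
            return parent
        parent = by_guid.get(parent.get("ParentProcessGuid"))
    return None

def find_installer_shells(events):
    """Return (guid, shell, installer) for each SYSTEM shell under an installer."""
    by_guid = {e["ProcessGuid"]: e for e in events}
    hits = []
    for e in events:
        if image_name(e["Image"]) in SHELLS and e["User"].upper() == SYSTEM_USER:
            anc = installer_ancestor(e, by_guid)
            if anc:
                hits.append((e["ProcessGuid"], image_name(e["Image"]),
                             image_name(anc["Image"])))
    return hits

def ev(guid, parent, user, image):
    return {"ProcessGuid": guid, "ParentProcessGuid": parent,
            "User": user, "Image": image}

# Constructed sample events (not real telemetry); paths are illustrative.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE = [
    ev("g1", "g0", SYSTEM_USER, r"C:\Example\RazerInstaller.exe"),
    ev("g2", "g1", SYSTEM_USER, PS),                  # shell opened from installer
    ev("g3", "g9", r"DESKTOP\alice", PS),             # ordinary user shell
    ev("g5", "g0", SYSTEM_USER, r"C:\Windows\System32\svchost.exe"),
    ev("g4", "g5", SYSTEM_USER, r"C:\Windows\System32\cmd.exe"),  # unrelated SYSTEM shell
    ev("g6", "g2", SYSTEM_USER, r"C:\Windows\System32\cmd.exe"),  # grandchild of installer
]
```

Only the two shells that descend from the installer are reported; the user's own PowerShell and the SYSTEM `cmd.exe` started by a service are not.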
What Is Razer Doing?
Fortunately, Razer reached out to the researcher who discovered the vulnerability and said it is working on a fix as quickly as possible. Hopefully, an update is released soon that will handle the problem, as it needs to be addressed before it’s exploited by too many people.
Generously, Razer offered researcher jonhat a bounty even though he disclosed the bug publicly, so the company does seem appreciative that the bug has been discovered, allowing Razer to fix it to prevent future exploits.