Recently, a bug was discovered in the Razer Synapse software that granted unauthorized admin access. Now, a similar bug was found in SteelSeries software that gives anyone who plugs in a device complete control over a Windows 10 PC with admin rights.
SteelSeries is Following Razer
Security researcher Lawrence Amer decided to investigate after the Razer vulnerability popped up. They found that there was a link in the License Agreement screen that is opened with SYSTEM privileges during the device setup process, thus granting full access to a Windows 10 machine as an admin.
Amer opened the link in Internet Explorer. Once there, it was as simple as saving a web page and launching an elevated Command Prompt from the right-click menu. From there, you can move around the PC with elevated privileges and do anything an admin can do.
This applies to all sorts of SteelSeries peripherals such as mice, keyboards, headsets, and so on.
You don’t even need an actual device, as there’s a method published in a video by researcher István Tóth that actually emulates a SteelSeries or Razer device and lets you launch the installation process without even plugging in any hardware.
Is SteelSeries Addressing the Problem?
A SteelSeries spokesperson talked to BleepingComputer. They said, “We are aware of the issue identified and have proactively disabled the launch of the SteelSeries installer that is triggered when a new SteelSeries device is plugged in. This immediately removes the opportunity for an exploit and we are working on a software update that will address the issue permanently and be released soon.”
So, for the time being, it looks like SteelSeries has prevented the exploit. However, according to Amer, one could save the vulnerable signed executable in the temporary folder and still run it when plugging in a SteelSeries device (or emulating one).
RELATED: Razer Software Vulnerability Grants Anyone Admin Rights on Windows
- › New Windows Zero-Day Grants Local Admin Access
- › Can ChatGPT Write Essays: Is Using AI to Write Essays a Good Idea?
- › How Long Do SD Cards Last?
- › 5 Google Maps Scams (And How to Avoid Them)
- › What It’s Like Using a Gaming Laptop as Your ONLY Gaming PC
- › 10 Google Translate Features You Should Be Using
- › The Best DDR4 RAM of 2023