Plugging in a Razer mouse turns attackers into Windows 10 admins

Plugging in a Razer mouse turns attackers into Windows 10 admins

In theory, an attacker only needs a mouse or keyboard from the peripheral device manufacturer Razer, which he connects to a computer with Windows 10 in order to obtain system rights. He could then, equipped with the highest possible rights, gain full control over the PC and install malware, for example.

The problem is a vulnerability in the Synapse software that installs itself automatically the first time a Razer mouse or keyboard is connected. You can use it to configure input devices. The installation runs with system rights.

If an attacker already has access to a computer, can connect a mouse and is logged on to Windows, he can make use of the system rights of the installation process. All he has to do is select a different installation location in the wizard. If you open a Powershell via the Explorer window that appears in the course of the change, it will also start with system rights. An attacker with restricted rights could upgrade himself to system admin.

A security researcher with the pseudonym “jonhat” came across this and reported it about it on Twitter. He decided to publish it because Razer did not give him any direct feedback on the vulnerability reported.

In the meantime, the manufacturer of peripheral devices has reacted and assured the security researcher that they are currently working on a patch. It is still unclear when the security update will be released. The researcher claims to have received a bug bounty bonus for finding and reporting the vulnerability.

Even if attacks are not easily possible, users of the Synapse software should ensure that they have the latest version installed.


Leave a Reply

Your email address will not be published.