Administrative rights gained through Razer devices on Windows 10

Posted on Christian By Christian No Comments on Administrative rights gained through Razer devices on Windows 10
Razer

A Razer Synapse is a software that allows users to configure their hardware devices, set up macros, or map buttons. Recently, security researchers uncovered a zero-day vulnerability in Razer devices. This vulnerability allowed attackers to gain Windows administrative rights gained through Razer devices like mouse or keyboard when plugged in. Razer, a popular computer peripheral manufacturer known for its gaming mice and keyboards. Upon connecting a Razer device to a Windows device, the operating system automatically downloads the Razer Synapse software and initiates its installation on the computer. According to Razer, the Razer Synapse software currently serves over 100 million users worldwide

How is the administrative right obtained? Security researcher Jonhat discovered and tweeted about the zero-day vulnerability in the plug-and-play installation of Razer Synapse that allows users to quickly gain SYSTEM privileges on a Windows device. SYSTEM privileges are the highest user rights available in Windows and allow someone to execute any command on the operating system. Essentially, when a user is given SYSTEM permissions in Windows, they get complete control of the system and can install anything they want, including malware.

After not receiving a response from Razer, Jonhat disclosed the zero-day vulnerability on Twitter. They explained how the bug works as shown in the video below.

https://twitter.com/i/status/1429049506021138437

It is worth noting that this is a Local Privilege Escalation (LPE) vulnerability. Which means you must have a Razer device and also physical access to the Windows device. Following the attention this zero-day vulnerability gained on Twitter, Razer contacted the security researcher to inform them that they will be issuing a fix.

Jonhat-1

In addition, Razer assured the researcher that they would receive a bug bounty reward, even though the vulnerability had been publicly disclosed.

I hope you found this blog post this vulnerability of administrative rights gained through Razer devices interesting and insightful. Please let me know in the comment session if you have any questions.

Rate this post
Security | Vulnerability Scans and Assessment Tags:, ,

Related Posts

More Related Articles

Complete Guide on TestRail as a Test Management Tool banner Complete Guide on TestRail as a Test Management Tool Security | Vulnerability Scans and Assessment
Feature image 1 Configure and validate Exclusions for Microsoft Defender Antivirus scans Anti-Virus Solution
Trellix configurations after ePo setup ePO Server Settings: Trellix ePO AD integration and ENS Agents Installation Security | Vulnerability Scans and Assessment
ePO installation on Windows Server Trellix ePolicy Orchestrator Installation on Windows Server Security | Vulnerability Scans and Assessment
Featured post. How to fix The Group Policy settings for BitLocker startup options are in conflict and cannot be applied Security | Vulnerability Scans and Assessment
PetitPotam PetitPotam attack on Active Directory Certificate Services: How to mitigate NTLM Relay PetitPotam attack on AD CS Security | Vulnerability Scans and Assessment

Leave a Reply