Security | Vulnerability Scans and Assessment

Windows 10 administrative rights gained by Razer devices

Razer

A Razer Synapse is a software that allows users to configure their hardware devices, set up macros, or map buttons. A zero-day vulnerability in Razer was recently discovered and it enables attackers to gain Windows administrator rights simply by plugging in a Razer mouse or keyboard. Razer is a very popular computer peripheral manufacturer known for its gaming mice and keyboards. When you connect a Razer device to a Windows device, the operating system automatically downloads the Razer Synapse software and begins installing it on the computer. This Razer Synapse software as claimed by Razer is currently used by over 100 million users worldwide.

How is the administrative right obtained? Security researcher Jonhat discovered and tweeted about the zero-day vulnerability in the plug-and-play installation of Razer Synapse that allows users to quickly gain SYSTEM privileges on a Windows device. SYSTEM privileges are the highest user rights available in Windows and allow someone to execute any command on the operating system. Essentially, when a user is given SYSTEM permissions in Windows, they get complete control of the system and can install anything they want, including malware.

After not receiving a response from Razer, Jonhat disclosed the zero-day vulnerability on Twitter and explained how the bug works as shown in the video below.

It is worth noting that this is a Local Privilege Escalation (LPE) vulnerability, which means you must have a Razer device and also physical access to the Windows device. After this zero-day vulnerability gained wide attention on Twitter, Razer has contacted the security researcher to let them know that they will be issuing a fix.

Jonhat-1

Razer also told the researcher that he would be receiving a bug bounty reward even though the vulnerability was publicly disclosed.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x