Share this article

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

Razer driver bug grants Windows admin privileges to anyone

3 min. read

Published onAugust 23, 2021

published onAugust 23, 2021

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Key notes

We’ve been constantly talking about security and the steps we should take in order to keep ourselves safe from outside interference when it comes to our internet-connected devices.

But what do we do when the threat is closer than we think? And no, this is not a James Bond movie, it’s the sad and at the same time funny reality of software bugs.

ThePrintNightmarefiasco has turned the eyes of the hacker community to the vulnerabilities exposed by installing 3rd party drivers.

We know it wasn’t long until other ways to intrude were found and, sure enough, someone already discovered that you can go through a wide-open door in Windows 10 by simply plugging in a Razer wireless dongle.

This bug gives you admin priveleges

Yes, you heard correctly. When plugging a Razer device into Windows 10 or Windows 11 machines, the operating system will automatically download and begin installing theRazer Synapse softwareon the computer.

This above-mentioned software allows users to configure their hardware devices, set up macros, or map buttons.

A researcher discovered a zero-day vulnerability in the plug-and-play Razer Synapse installation that allows users to gain system privileges on a Windows device very fast.

The gasoline on the fire, in this case, is that Razer claims the Synapse software is used by over 100 million users worldwide.

Need local admin and have physical access?– Plug a Razer mouse (or the dongle)– Windows Update will download and execute RazerInstaller as SYSTEM– Abuse elevated Explorer to open Powershell with Shift+Right clickTried contacting@Razer, but no answers. So here’s a freebiepic.twitter.com/xDkl87RCmz

As you know, system privileges are the highest user rights available in Windows and allow someone to perform any desired command on the OS.

Thus, if anyone were to gain these high-level privileges in Windows, they attain complete control over the system and can install whatever they want, including malware.

The main issue is that Windows Update downloads and executes RazerInstaller as system and that the Installer offers users the opportunity to open an Explorer window to choose where to install the drivers.

From there, there’s only one step to press shift-right-click in order to open a Powershell terminal with system privileges, and the hacker can basically do whatever he wants.

Furthermore, if the intruder goes through the installation process and defines the save directory to a user-controllable path like Desktop, the Installer saves a service binary there which can be hijacked for persistence and which is executed before user login on boot.

Another important factor to keep in mind is that the attackers do not even need a real Razer mouse, as the USB ID can be easily replicated.

Razer stated that its working on fixing this issue

After, at first, the researcher that discovered this vulnerability said he contacted Razer but didn’t receive a response, the giant hardware manufacturer got in touch with him and discussed this problem further.

Razer also told him that he would be receiving a bug bounty reward even though the vulnerability was publicly disclosed.

I would like to update that I have been reached out by@Razerand ensured that their security team is working on a fix ASAP.Their manner of communication has been professional and I have even been offered a bounty even though publicly disclosing this issue.

We’re all hoping that this problem will find its solution fast because none of us would like to become the victim of such an easy method.

However, most likely, by this time next week, both Razer and Microsoft will have provided fixing patches, designed to rid us of this vulnerability.

Were you ever the victim of malicious interference or data extraction? Let us know in the comments section below.

Alexandru Poloboc

Tech Journalist

With an overpowering desire to always get to the bottom of things and uncover the truth, Alex spent most of his time working as a news reporter, anchor, as well as TV and radio entertainment show host.

A certified gadget freak, he always feels the need to surround himself with next-generation electronics.

When he is not working, he splits his free time between making music, gaming, playing football, basketball and taking his dogs on adventures.

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Alexandru Poloboc

Tech Journalist

With a desire to always get to the bottom of things and uncover the truth, Alex spent most of his time working as a news reporter.

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low#

Copilot in Outlook will generate personalized themes for you to customize the app#

Microsoft will raise the price of its 365 Suite to include AI capabilities#

Death Stranding Director’s Cut is now Xbox X|S at a huge discount#

Outlook will let users create custom account icons so they can tell their accounts apart easier#

Razer driver bug grants Windows admin privileges to anyone#

This bug gives you admin priveleges#

Razer stated that its working on fixing this issue#