Vulnerability lets people gain admin rights on Windows 10 PCs by using Razer mice

Yet another vulnerability has been found that lets people gain SYSTEM access from a local account on a PC.

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

What you need to know

A security researcher named Jon Hat recently revealed that you could gain SYSTEM access on a PC by plugging in a Razergaming mouseor dongle (viaNeowin). If you have local access to a machine, plugging in a Razer device installs RazerInstaller.exe, which runs with SYSTEM privileges. It also allows someone to open Windows PowerShell and the File Explorer with elevated privileges. With this exploit, someone could install harmful software onto a computer.

Because of the nature of the vulnerability, a person requires physical access to a PC to exploit it. This makes it less dangerous than a vulnerability that can be exploited remotely, but it still leaves a security risk.

Need local admin and have physical access?- Plug a Razer mouse (or the dongle)- Windows Update will download and execute RazerInstaller as SYSTEM- Abuse elevated Explorer to open Powershell with Shift+Right clickTried contacting@Razer, but no answers. So here’s a freebiepic.twitter.com/xDkl87RCmzNeed local admin and have physical access?- Plug a Razer mouse (or the dongle)- Windows Update will download and execute RazerInstaller as SYSTEM- Abuse elevated Explorer to open Powershell with Shift+Right clickTried contacting@Razer, but no answers. So here’s a freebiepic.twitter.com/xDkl87RCmz— jonhat (@j0nh4t)August 21, 2021August 21, 2021

While separate, this Razer-related vulnerability has some characteristics in common with thePrintNightmare vulnerabilities on Windows 10. Both types of vulnerabilities rely on someone installing an item on a local account and gaining SYSTEM privileges despite not being an admin on a computer.

Hat explains that he reported the vulnerability to Razer but did not initially hear back from the company. Following this, Hat shared the vulnerability publicly. Since, Razer has responded to Hat, explaining that it is working on a fix.

I would like to update that I have been reached out by@Razerand ensured that their security team is working on a fix ASAP.Their manner of communication has been professional and I have even been offered a bounty even though publicly disclosing this issue.I would like to update that I have been reached out by@Razerand ensured that their security team is working on a fix ASAP.Their manner of communication has been professional and I have even been offered a bounty even though publicly disclosing this issue.— jonhat (@j0nh4t)August 22, 2021August 22, 2021

Razer offered Hat a bounty for finding the vulnerability, even though it was disclosed publicly.

Get the Windows Central Newsletter

All the latest news, reviews, and guides for Windows and Xbox diehards.

Sean Endicott is a tech journalist at Windows Central, specializing in Windows, Microsoft software, AI, and PCs. He’s covered major launches, from Windows 10 and 11 to the rise of AI tools like ChatGPT. Sean’s journey began with the Lumia 740, leading to strong ties with app developers. Outside writing, he coaches American football, utilizing Microsoft services to manage his team. He studied broadcast journalism at Nottingham Trent University and is active on X @SeanEndicott_ and Threads @sean_endicott_.