This Vulnerability Lets You Gain Windows Admin Privileges By Plugging In A Razer Keyboard Or Mouse

On Windows computers, there are different user levels, ranging from Guest users and Admins. Obviously the distinction here would be permissions, where those with Admin status can do more to the system and make deeper system level changes compared to a Guest user, which is why it’s important to designate these user levels accordingly.

However, it seems that due to a bug/vulnerability with Razer’s Synapse software, it seems that anyone with a Razer mouse or keyboard can easily give themselves SYSTEM privileges on a Windows machine. This is according to a tweet by @j0nh4t who shared the bug on Twitter.

https://twitter.com/j0nh4t/status/1429049506021138437

How this works is that whenever you plug a Razer keyboard or mouse to your computer, Windows will automatically download Razer Synapse, which is the software that Razer uses to control certain settings of its accessories. During the installation process, when Windows prompts which folder you’d like to save the software to, Shift and right-clicking the “Choose a Folder” button will let users launch a PowerShell window.

Since the software has SYSTEM privileges, what this means is that even users who aren’t an Admin will now have admin-level privileges and can do pretty much whatever they want in the PowerShell window. That being said, this exploit hinges on users having physical access to the computer and also having a Razer peripheral with them.

Razer has since commented that a patch is in development that will close off this exploit, but until then, disabling your computer’s USB ports will be one way to secure yourself until this problem is fixed.

You May Also Like

Related Articles on Ubergizmo

Popular Right Now

Exit mobile version

Discover more from Ubergizmo

Subscribe now to keep reading and get access to the full archive.

Continue reading

Exit mobile version