We tell you this because some users through various internet sources, such as the social network Twitter, are complaining about a security breach in this regard. Specifically, this occurs when we have to install the latest drivers for the aforementioned hardware component firm, Razer. All this happens when we install a brand new mouse or keyboard on a Windows-based computer. This is the most common method that all of us carry out when we are going to start up this device on our computer.
Vulnerability discovered in Razer drivers
When we connect that mouse or keyboard to our computer, the Redmond operating system itself starts up automatically. With this, what we really want to tell you is that its application Windows update Find and download the corresponding product drivers on your own to install them on your PC. As pointed out by some affected users on the internet, the file necessary for all this, RazerInstaller, it is downloaded and run as SYSTEM.
In turn, it automatically opens a Powershell window with administrator permissions, which can pose a serious security problem. To all this, we can add that some of these users have tried to contact Contact with the signature itself to communicate this fact and have not received a response.
On the other hand, if we customize the installation process, we can make the situation worse. With is, all we want to tell you is that we can specify the save folder in a path of the own user, such as Windows desktop. In that it has been seen that a service binary file is also stored in the same folder. This is prone to being hijacked and run before the user logs in at startup, which is another potential danger.
When will Razer fix this driver problem in Windows?
As we have previously commented, some of these affected users who have realized the potential danger, have contacted the firm. While some of these have not received any response from Razer, others claim that after a few hours they have received security team response of the company.
I would like to update that I have been reached out by @Razer and ensured that their security team is working on a fix ASAP.
Their manner of communication has been professional and I have even been offered a bounty even though publicly disclosing this issue.
– jonhat (@ j0nh4t) August 22, 2021
This is something that therefore they have ended up thanking them since this team has ensured that it will try to solve the security problem as soon as possible. It is worth mentioning that those who have tried to get Razer to offer them a solution, they have had to send a series of personal data as well as their own product acquired. At least all this means that the manufacturer is already aware of the security flaw and that it will fix it as soon as possible. Hopefully this will be out through a new upgrade of those controllers.