A Razer vulnerability allows taking control of Windows
Razer is a well-known brand that specializes in computer gaming devices, mainly a wide range of mice and keyboards. Now a zero-day security flaw affects precisely these devices: simply connecting one to a computer makes it possible to obtain administrator permissions.
How does this flaw work? When we connect a Razer keyboard or mouse to a USB port on a Windows computer, the system automatically starts downloading and installing the Razer Synapse software. This program is used to configure those devices, for example to assign functions to certain buttons or to modify how the device operates. It is mainly useful for gamers.
But as soon as someone connects one of these devices, which work through Plug and Play, the security flaw is triggered. It automatically opens the way to administrator permissions.
Physical access to the computer is required
This security flaw is a privilege escalation, and exploiting it obviously requires physical access to the computer. A mouse or keyboard has to be plugged in to gain administrator privileges and have full control over that Windows 10 system.
These devices are inexpensive. For 20 euros or a little more, anyone can buy one and put a Windows system to the test.
When installing the Razer device driver, the setup wizard allows the user to specify the folder where it will be installed. This is precisely what causes the flaw. Clicking to select the location opens a dialog box for choosing the folder. Holding the Shift key and right-clicking inside that dialog box brings up an option to open a new PowerShell window.
This PowerShell window starts with SYSTEM permissions, because it inherits the privileges of the installer that opened it. Through that console, any command that needs administrator privileges can be executed.
Security researchers suspect that this bug is not unique to Razer and may affect other vendors through the Plug and Play installation process, still allowing administrator privileges to be gained on Windows 10. One of the security researchers behind this discovery has posted a demonstration video on his Twitter profile, where we can see exactly how this vulnerability works.
Need local admin and have physical access?
– Plug a Razer mouse (or the dongle)
– Windows Update will download and execute RazerInstaller as SYSTEM
– Abuse elevated Explorer to open Powershell with Shift + Right click
– jonhat (@j0nh4t) August 21, 2021
Ultimately, a simple Razer mouse or keyboard can allow any user to gain administrator privileges on a Windows computer. A zero-day flaw in the installation process that Plug and Play starts is what causes this security-compromising issue.
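A defender's view of the behaviour described above, as an added example that is not part of the original article: a Python check over process-creation events that flags a command shell started as SYSTEM inside an interactive session, whichever installer spawned it, since researchers suspect other vendors are affected too. The Sysmon Event ID 1 field names, the English account name and the constructed sample events (including the placeholder installer path) are assumptions made for the illustration.

```python
import ntpath  # parses Windows paths on any platform

SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
# Assumption: English-language Windows; the account name is localized elsewhere.
SYSTEM_USER = "NT AUTHORITY\\SYSTEM"


def is_suspicious(event):
    """True when a command shell was created as SYSTEM outside session 0.

    Assumption: services run in session 0, while an installer wizard that is
    visible on the user's desktop runs in that user's session (1 or higher).
    """
    image = ntpath.basename(event.get("Image", "")).lower()
    user = event.get("User", "").upper()
    try:
        session = int(event.get("TerminalSessionId", 0))
    except (TypeError, ValueError):
        return False
    return image in SHELLS and user == SYSTEM_USER and session != 0


def find_alerts(events):
    """Return (parent, child, session) for every suspicious process creation."""
    return [
        (ntpath.basename(e.get("ParentImage", "?")),
         ntpath.basename(e["Image"]),
         int(e["TerminalSessionId"]))
        for e in events if is_suspicious(e)
    ]


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed sample events, not real telemetry; C:\Example is a placeholder.
SAMPLE_EVENTS = [
    # Case from the article: shell opened from the installer's folder dialog.
    {"Image": PS, "ParentImage": r"C:\Example\RazerInstaller.exe",
     "User": r"NT AUTHORITY\SYSTEM", "TerminalSessionId": "1"},
    # Ordinary user shell started from the desktop.
    {"Image": PS, "ParentImage": r"C:\Windows\explorer.exe",
     "User": r"DESKTOP-01\alice", "TerminalSessionId": "1"},
    # Service-side shell in session 0, common for scheduled tasks and agents.
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\System32\svchost.exe",
     "User": r"NT AUTHORITY\SYSTEM", "TerminalSessionId": "0"},
]

if __name__ == "__main__":
    for parent, child, session in find_alerts(SAMPLE_EVENTS):
        print(f"ALERT: {child} as SYSTEM in session {session}, parent {parent}")
```

Remote-support and management tools can also start SYSTEM shells in a user session, so the parent name in each alert is what an analyst reviews first.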