Razer Bug Grants Windows 10 Admin Privileges by Plugging In a Razer Keyboard or Mouse

The FPS Review may receive a commission if you purchase something after clicking a link in this article.

Image: Razer

Security researcher jonhat has found a zero-day exploit that allows admin privileges on Windows 10 just by plugging in a Razer mouse or keyboard. Once the peripheral is attached, an auto-install process begins with Razer Synapse Software, where the exploit becomes available. A user can open PowerShell with admin rights, the highest a user can have in the OS.

This exploit requires local access to a computer, but as many as 100 million people could be affected. Jon reached out to Razer about the bug and did not hear back, which is why he released a video about it. Razer contacted him afterward and said its security team would look into it and offered him a bounty for finding it.

Another researcher has pointed out that similar exploits will be discovered due to the process in which Windows plug-and-play works and how most users are usually in a hurry to finish an install process. The PnP feature has been included since Windows 95, so many other installations may have shared this exploit.

SYSTEM privileges are the highest user rights available in Windows and allow someone to perform any command on the operating system. Essentially, if a user gains SYSTEM privileges in Windows, they attain complete control over the system and can install whatever they want, including malware.

Source: Bleeping Computer

Peter Brosdahl
As a child of the 70’s I was part of the many who became enthralled by the video arcade invasion of the 1980’s. Saving money from various odd jobs I purchased my first computer from a friend of my dad, a used Atari 400, around 1982. Eventually it would end up being a lifelong passion of upgrading and modifying equipment that, of course, led into a career in IT support.

Recent News