
Security researcher jonhat has found a zero-day exploit that grants admin privileges on Windows 10 just by plugging in a Razer mouse or keyboard. Once the peripheral is attached, an automatic install of the Razer Synapse software begins, and the exploit becomes available during that process. A user can open PowerShell with admin rights, the highest a user can have in the OS.

This exploit requires local access to a computer, but as many as 100 million people could be affected. Jon reached out to Razer about the bug and did not hear back, which is why he released a video about it. Razer contacted him afterward and said its security team would look into it and offered him a bounty for finding it.

Another researcher has pointed out that similar exploits will be discovered because of how Windows plug-and-play works and because most users are in a hurry to finish an install process. The PnP feature has been included since Windows 95, so many other installations may have shared this exploit.

SYSTEM privileges are the highest user rights available in Windows and allow someone to perform any command on the operating system. Essentially, if a user gains SYSTEM privileges in Windows, they attain complete control over the system and can install whatever they want, including malware.

Source: Bleeping Computer


Peter Brosdahl


3 Comments

  1. Yikes!

    Is this really a Razer bug though, or is it more of a Windows 10 bug, if a USB peripheral can result in privilege escalation…

  2. Zarathustra wrote:
    > Yikes!
    >
    > Is this really a Razer bug though, or is it more of a Windows 10 bug, if a USB peripheral can result in privilege escalation…

    Yes?

    I think Razer is just the most visible (or first visible) but it boils down to Windows installing vendor-supplied software with elevated privileges through Windows Update automatically, and by default.

    Convenient, but on the list of supply chain attack vectors that will be hard to police!

  3. LazyGamer wrote:
    > Yes?
    >
    > I think Razer is just the most visible (or first visible) but it boils down to Windows installing vendor-supplied software with elevated privileges through Windows Update automatically, and by default.
    >
    > Convenient, but on the list of supply chain attack vectors that will be hard to police!

    Thanks @LazyGamer for the story tip!
