Security researcher jonhat has found a zero-day exploit that allows admin privileges on Windows 10 just by plugging in a Razer mouse or keyboard. Once the peripheral is attached, an auto-install process begins with Razer Synapse Software, where the exploit becomes available. A user can open PowerShell with admin rights, the highest a user can have in the OS.
This exploit requires local access to a computer, but as many as 100 million people could be affected. Jon reached out to Razer about the bug and did not hear back, which is why he released a video about it. Razer contacted him afterward and said its security team would look into it and offered him a bounty for finding it.
Another researcher has pointed out that similar exploits will be discovered due to the process in which Windows plug-and-play works and how most users are usually in a hurry to finish an install process. The PnP feature has been included since Windows 95, so many other installations may have shared this exploit.
Need local admin and have physical access?
— jonhat (@j0nh4t) August 21, 2021
– Plug a Razer mouse (or the dongle)
– Windows Update will download and execute RazerInstaller as SYSTEM
– Abuse elevated Explorer to open Powershell with Shift+Right click
Tried contacting @Razer, but no answers. So here’s a freebie pic.twitter.com/xDkl87RCmz
I would like to update that I have been reached out by @Razer and ensured that their security team is working on a fix ASAP.
— jonhat (@j0nh4t) August 22, 2021
Their manner of communication has been professional and I have even been offered a bounty even though publicly disclosing this issue.
SYSTEM privileges are the highest user rights available in Windows and allow someone to perform any command on the operating system. Essentially, if a user gains SYSTEM privileges in Windows, they attain complete control over the system and can install whatever they want, including malware.
Source: Bleeping Computer