A zero-day security breach affects Razer devices and allows an attacker to gain administrator permissions in Windows 10 simply by connecting the devices. With this they could have full control as if they were really users with administrator privileges on that system. This is a major problem and we are going to explain exactly what it is in this article.
A vulnerability in Razer allows control in Windows
Razer is a well-known brand specialized in devices to play games on the computer. It has a great variety of mice and keyboards, mainly. Now, a zero-day security breach affects precisely these devices. Simply by connecting them to a computer it would be possible to obtain administrator permissions.
How does this error work? When we connect a keyboard or mouse to a USB port on a Windows computer, the system will automatically start downloading and installing the Razer Synapse software. This program is used to configure those devices. For example we can assign certain buttons or modify the operation. It is very useful for gamers, mainly.
But of course, as soon as someone connects these devices, which work through Plug and Play, that is when the security flaw is activated. Automatically grants administrator permissions.
Necessary physical access to the equipment
This security flaw, which consists of an escalation of privileges , obviously requires that there be physical access to that device. It is necessary to use a mouse or keyboard to thus obtain administrator privileges and have full control over that system with Windows 10.
These types of devices are inexpensive. We can say that for 20 euros or a little more, anyone can buy it and put a Windows system to the test.
When installing the Razer device driver, the setup wizard allows you to specify the folder where it will be installed. It is precisely this that causes the failure. When you click on select location, a dialog box will appear to choose the folder. When pressing the Shift key and clicking the right mouse button in the dialog box, a message will appear to open a new window in PowerShell.
That PowerShell window starts with system permissions, so it will inherit the same privileges. This allows that, through the console, we can execute any type of command that needs administrator privileges.
Security researchers suspect that this bug is not unique to Razer, but may affect others through the Plug and Play installation process and may still allow you to gain administrator privileges on Windows 10. One of the security researchers Behind this discovery, he has posted a demonstration video on his Twitter profile. There we can see how exactly this important vulnerability works.
Need local admin and have physical access?
– Plug a Razer mouse (or the dongle)
– Windows Update will download and execute RazerInstaller as SYSTEM
– Abuse elevated Explorer to open Powershell with Shift + Right clickTried contacting @Razer , but no answers. So here’s a freebie pic.twitter.com/xDkl87RCmz
– jonhat (@ j0nh4t) August 21, 2021
Ultimately, a simple mouse or keyboard from Razer can allow any user to gain administrator privileges on a Windows computer. A zero-day failure during the installation process through Plug and Play triggers this security-compromising issue.
From Razer, in an official statement, they have indicated that it is a very specific use case, which provides the user with broader access to their computer during the installation process. They have investigated the problem and are currently making changes to the installation application to limit its use in this case, as well as to be able to publish an update as soon as it is available. The use of its software (including the installation application) does not provide unauthorized third party access to the computer.
