Razer flaw allows threat actors to take over Windows PCs

Threat actors could gain Windows admin privileges simply by plugging in a Razer mouse or keyboard because of a zero-day vulnerability in Razer Synapse.

 

Razer is a well-known computer accessory company that creates, develops, and sells consumer electronics, financial services, and gaming hardware, such as gaming mice and keyboards. Razer says that its Razer Synapse software is used by more than 100 million people around the world.

 

By plugging in a Razer mouse or keyboard, attackers can gain SYSTEM privileges on Windows PCs via a local privilege escalation (LPE) zero-day exploit in Razer Synapse. When a Razer device is connected to a computer running Windows 10 or Windows 11, the operating system will immediately download and install the Razer Synapse driver and software, which allows the devices to be configured.

 

As BleepingComputer reports, the vulnerability was found by security researcher jonhat, who announced it on Twitter. Once attackers have SYSTEM privileges in Windows, they can completely take over the system.

 

SYSTEM privileges are the highest level of user rights in Windows, allowing whoever holds them to run any command on the system. Gaining SYSTEM privileges gives a user complete control over the system, allowing them to install anything they want, even malware.

 

After receiving no response from the company, the researcher decided to go public with his findings. He also released a video proof-of-concept of the attack. During setup, the installer lets users choose the folder where the Razer Synapse software will be installed.

If the attacker holds Shift and right-clicks in the ‘Choose a Folder’ dialogue, the context menu offers ‘Open PowerShell window here,’ which opens a PowerShell prompt in the folder displayed in the dialogue.

 

Because the PowerShell prompt is launched by a process running with SYSTEM privileges, the prompt inherits those privileges as well.
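
Defenders can look for this pattern in process-creation logs. The following is an added example, not code from the researcher, Razer, or BleepingComputer: it flags a command shell running as SYSTEM in an interactive desktop session, using records shaped like Sysmon Event ID 1. The installer name and all sample values are constructed.

```python
# Added example: flag interactive shells running as SYSTEM in a user's desktop session.
# Records mimic Sysmon Event ID 1 (process creation) fields; all values are constructed.
import ntpath

SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
SYSTEM_USER = "NT AUTHORITY\\SYSTEM"

def is_suspicious(event):
    """True when a shell runs as SYSTEM outside session 0 (the services session)."""
    image = ntpath.basename(event.get("Image", "")).lower()
    user = event.get("User", "").upper()
    try:
        # A missing session id is treated as session 0 and therefore not flagged.
        session = int(event.get("TerminalSessionId", 0))
    except (TypeError, ValueError):
        return False  # malformed record: cannot judge
    return image in SHELLS and user == SYSTEM_USER and session != 0

def find_system_shells(events):
    """Return (child image, parent image, session) for each flagged event."""
    return [(e["Image"], e.get("ParentImage", "?"), int(e["TerminalSessionId"]))
            for e in events if is_suspicious(e)]

SAMPLE_EVENTS = [
    # Normal: a user opens PowerShell from Explorer with their own account.
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "User": r"DESKTOP-01\alice", "TerminalSessionId": "1"},
    # Normal: a service starts cmd.exe as SYSTEM in session 0.
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\System32\svchost.exe",
     "User": r"NT AUTHORITY\SYSTEM", "TerminalSessionId": "0"},
    # Pattern from the article: a SYSTEM installer on the desktop spawns PowerShell.
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\Temp\ExampleInstaller.exe",  # hypothetical name
     "User": r"NT AUTHORITY\SYSTEM", "TerminalSessionId": "1"},
]

if __name__ == "__main__":
    for child, parent, session in find_system_shells(SAMPLE_EVENTS):
        print(f"ALERT: {child} as SYSTEM in session {session}, parent {parent}")
```

On non-English Windows the SYSTEM account name is localized, so match on the logon ID 0x3e7 where the log provides it.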

After this zero-day issue gained widespread attention on Twitter, the company contacted the security researcher to say that it will be releasing a patch. The company also agreed to pay the researcher a bug bounty.

 

 

 

 
