Razer Bug Grants Windows 10 Admin Privileges by Plugging In a Razer Keyboard or Mouse

[Peter_Brosdahl]

Image: Razer



Security researcher jonhat has found a zero-day exploit that allows admin privileges on Windows 10 just by plugging in a Razer mouse or keyboard. Once the peripheral is attached, an auto-install process begins with Razer Synapse Software, where the exploit becomes available. A user can open PowerShell with admin rights, the highest a user can have in the OS.



This exploit requires local access to a computer, but as many as 100 million people could be affected. Jon reached out to Razer about the bug and did not hear back, which is why he released a video about it. Razer contacted him afterward and said its security team would look into it and offered him a bounty for finding it.



Another researcher has pointed out that similar exploits will be discovered due to the process in which Windows plug-and-play works and how most users are usually in a hurry to finish an...

Continue reading...

 

[Zarathustra]

Yikes!

Is this really a Razer bug though, or is it more of a Windows 10 bug, if a USB peripheral can result in privilege escalation...

 

[LazyGamer]

Yikes!

Is this really a Razer bug though, or is it more of a Windows 10 bug, if a USB peripheral can result in privilege escalation...

Yes?

I think Razer is just the most visible (or first visible) but it boils down to Windows installing vendor-supplied software with elevated privileges through Windows Update automatically, and by default.

Convenient, but on the list of supply chain attack vectors that will be hard to police!

 

[Peter_Brosdahl]

Yes?

I think Razer is just the most visible (or first visible) but it boils down to Windows installing vendor-supplied software with elevated privileges through Windows Update automatically, and by default.

Convenient, but on the list of supply chain attack vectors that will be hard to police!

Thanks @LazyGamer for the story tip!