A zero-day vulnerability in Razer’s Synapse software allows anyone with physical access to a Windows 10 (or 11) PC and a Razer mouse to gain admin privileges in a matter of minutes.
The vulnerability was disclosed on Twitter by security researcher jonhat. The researcher put out a tweet demonstrating the vulnerability. He even contacted Razer, but the company didn’t get back to him in time.
The issue arises from the plug and play nature of USB driver installation in Windows. Will Dorman, a vulnerability analyst at CERT/CC, pointed out that similar bugs are likely found in other USB driver installation procedures.
How does a mouse ‘mouse’ around?
Gaining admin privilege using this bug is relatively easy. All you have to do is plug in a Razer mouse and wait for Synapse’s installation to begin. As Synapse installs itself with system privileges, anything launched within the program’s installer runs as admin.
The setup wizard asks the user where to install the software itself and shows a file explorer window during installation. After that, any user can use Shift and right-click in the dialogue box and click the Open PowerShell window here option. Since the Synapse installer is running with admin privileges, the Powershell window also opens with admin privileges.
Keep in mind that this is only a local privilege escalation vulnerability and will only work if you have physical access to the PC you’re looking to get into and a Razer mouse. However, it’s not going to be around forever.
In an update tweeted by Jonhat, he pointed out that Razer had indeed gotten in touch with him, saying that a patch is on the way. The company even offered the researcher a bug bounty even though the vulnerability was disclosed publicly.
In the News: Galaxy Z Fold 3 vs Fold 2: Key Differences
Someone who writes/edits/shoots/hosts all things tech and when he’s not, streams himself racing virtual cars. You can reach out to Yadullah at [email protected], or follow him on Instagram or Twitter.