Razer is fixing a bug which gives admin rights on Windows using just a Razer mouse


A couple of days ago, security researcher Jon Hat (@j0nh4t on Twitter) revealed that it is possible to gain admin privileges on a PC using just a Razer mouse, as long as you have local access to the machine. The researcher privately reported this to Razer, but decided to disclose it publicly after receiving no response from the company. The exploit circulated widely, especially because it is so easy to trigger and reproduce. Although it requires local access and is thus not as dangerous as a remote exploit, Razer is now working on patching the issue.

Essentially, plugging a Razer mouse or dongle into a PC triggers Windows Update to download and execute RazerInstaller.exe. This installer runs with SYSTEM privileges, but it also allows users to use File Explorer to open Windows PowerShell with admin privileges. This means that an attacker with local access to your machine can use this technique to gain admin access to your PC and potentially install malicious software.

Hat also stated that:

Additionally if you go through the installation process and define the save dir to user controllable path like Desktop. A service binary is saved there which can be hijacked for persistance (sic) and is executed before user logon on boot.

The good news is that Razer is apparently working on a fix. Hat reports that the company has reached out to him and informed him that it is working on a patch on an urgent basis. Even though the security researcher disclosed the bug publicly, a bounty has reportedly been offered. Neither the value of the bounty nor an ETA for the fix has been revealed yet.
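
Hat's second observation, a service binary saved to a folder the user chose, is something an administrator can check for on a given machine. The PowerShell below is an added example, not code from the article, the researcher or Razer; it assumes that only SYSTEM, Administrators and service SIDs count as trusted writers, so other admin groups (domain admins, for instance) will appear in the output and need manual review.

```powershell
# Added example, not from the article or from Razer.
# Lists services whose binary, or the folder holding it, is writable by an untrusted identity.
# Assumption: only SYSTEM, Administrators, service SIDs (S-1-5-80-*) and CREATOR OWNER are trusted.
$trusted   = '^(S-1-5-18|S-1-5-32-544|S-1-5-80-.+|S-1-3-0)$'
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeBits = $writeBits -bor 0x40000000 -bor 0x10000000   # GENERIC_WRITE, GENERIC_ALL

function Get-ServiceExePath([string]$PathName) {
    # Win32_Service.PathName holds the executable plus its arguments
    $p = [Environment]::ExpandEnvironmentVariables($PathName).Trim()
    if ($p -match '^"([^"]+)"')        { return $Matches[1] }   # quoted path
    if ($p -match '^(.+?\.exe)(\s|$)') { return $Matches[1] }   # unquoted, may contain spaces
    return ($p -split '\s+')[0]
}

function Get-UntrustedWriters([string]$Path) {
    # Returns the accounts outside $trusted that hold an Allow ACE with write-type rights
    try { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop } catch { return @() }
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (-not ([int]$ace.FileSystemRights -band $writeBits)) { continue }
        try   { $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
        catch { $sid = $ace.IdentityReference.Value }           # unresolvable account: report as-is
        if ($sid -notmatch $trusted) { $ace.IdentityReference.Value }
    }
}

Get-CimInstance Win32_Service | ForEach-Object {
    $svc = $_
    $exe = Get-ServiceExePath $svc.PathName
    if (-not $exe) { return }                                   # service without a binary path
    $writers = @(Get-UntrustedWriters $exe) + @(Get-UntrustedWriters (Split-Path $exe -Parent)) |
               Sort-Object -Unique
    if ($writers) {
        [pscustomobject]@{
            Service    = $svc.Name
            StartMode  = $svc.StartMode
            RunsAs     = $svc.StartName
            Binary     = $exe
            WritableBy = $writers -join ', '
        }
    }
} | Format-Table -AutoSize -Wrap
```

A row with `StartMode` of `Auto` and a `Binary` under a user profile matches the situation Hat describes and is the first thing to move to a protected location or remove.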

Thanks to kiddingguy for the news tip!
