Razer Synapse bug grants Windows admin privileges by plugging in a mouse or keyboard

midian182

Posts: 9,633   +120
Staff member
In brief: It seems that gaining administrator-level Windows privileges on a PC doesn't require much work; all you need is physical access and a Razer mouse or keyboard. It's the result of a zero-day vulnerability in the company's popular Synapse software that exploits the plug-and-play installation process.

Security researcher jonhat revealed the bug on Twitter (via BleepingComputer). He explains how anyone can get system privileges on Windows devices simply by plugging in a Razer mouse, keyboard, or dongle, giving them complete control of the system and allowing the installation of unauthorized software, including malware.

The process works by first connecting one of Razer's peripherals. This will result in Windows automatically downloading and installing the driver and Razer Synapse software. The problem stems from the RazerInstaller.exe executable being launched with system-level privileges so it can make changes to the PC.

During the setup process, the setup wizard allows users to specify where they want to install the Razer Synapse software. When changing the destination folder, a "Choose a Folder" dialog will appear. Shift and right-click here and select "Open Powershell windows here." This will open the Powershell prompt with the same system privileges as the process that launched it.

Researchers say that similar bugs will likely be present in other companies' installers for their plug-and-play peripherals.

The biggest caveat here is that anyone intending to use the exploit for nefarious reasons needs physical access to the device in question—in addition to a Razer product—but it still has potentially serious implications.

Jonhat added that he reached out to Razer's security team and it is working on a fix. The researcher added that he had been offered a bounty despite publicly disclosing the bug. Expect to see Razer roll out an update that addresses the issue very soon.

Permalink to story.

 
Still a small price to pay for RGB 99% of the time you will cover with your hand: we're not savages here, we need fancy lights to distract us from our terminal lack of gpus!
 
While I like my BlackWidow Elite as a keyboard, I've always hated their stupid always connected to the cloud software that decides it occasionally needs to try to install, which is why I'll be happy to swap it out for the EVGA Z20 keyboard (with non intrusive software support) I have arriving with my FTW3 Ultra 3080 this weekend.
 
Another $hitty aspect of their software coming at you!

On the other hand, you can by their RGB facemask soon. I'm guessing $149 and that you'll probably need to sync it with the Synapse software so they can manage your use of the mask.
 
Back