Razer Synapse Bug provides Windows administrator access to anyone who can connect a mouse


You may want to keep an eye on your USB ports for the next few days. A security researcher has revealed an eerily simple way to get admin privileges in Windows 10 without a password, and for once, it’s not Microsoft’s fault. This time around, it’s all thanks to Razer and its Synapse software. A fix is underway, but Razer missed the opportunity to eliminate the bug before it became an issue.

The story begins with security researcher Jonhat (@j0nh4t on Twitter), who noted that Razer’s Synapse software automatically installed itself whenever a Razer wireless mouse or receiver was connected. Like many feature-rich gaming peripherals, Razer’s require the use of its desktop software to control lights, button mapping, and other functions.

This part is not unusual: Windows Update automatically loads a lot of software based on the connected hardware. It does this as SYSTEM, but the current Razer Synapse installer retains those SYSTEM permissions, which turns out to be a problem.

According to Jonhat, it is possible to hijack the elevated Explorer process spawned by the installation to open PowerShell. From there, you can install anything you want because SYSTEM has the highest user rights available in Windows. Plus, as if that weren’t enough, you can manually select an installation path you control, such as the Desktop. The installer creates a binary file that can be further exploited to persist any changes to the system (the binary runs even before login).
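One way to detect the behaviour described above, as an added example that is not from the article, the researcher or Razer: it flags a shell running as SYSTEM in an interactive session whose process ancestry includes an installer. The events, the installer and agent names, and the name-based installer heuristic are constructed assumptions; the fields are modelled on Sysmon process-creation events.

```python
import ntpath

SYSTEM = "NT AUTHORITY\\SYSTEM"
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
INSTALLER_HINTS = ("install", "setup")  # assumed naming heuristic, tune per environment

# Constructed process-creation events (fields modelled on Sysmon Event ID 1).
EVENTS = [
    {"pid": 612, "ppid": 4, "session": 0, "user": SYSTEM,
     "image": r"C:\Windows\System32\services.exe"},
    {"pid": 2100, "ppid": 612, "session": 0, "user": SYSTEM,
     "image": r"C:\Program Files\ExampleAgent\agent.exe"},
    {"pid": 2200, "ppid": 2100, "session": 0, "user": SYSTEM,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 3000, "ppid": 2900, "session": 1, "user": r"DESKTOP\alice",
     "image": r"C:\Windows\explorer.exe"},
    {"pid": 3100, "ppid": 3000, "session": 1, "user": r"DESKTOP\alice",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 4000, "ppid": 612, "session": 1, "user": SYSTEM,
     "image": r"C:\Windows\Installer\ExampleDeviceInstaller.exe"},
    {"pid": 4100, "ppid": 4000, "session": 1, "user": SYSTEM,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
]

def name(event):
    return ntpath.basename(event["image"]).lower()

def ancestors(event, by_pid):
    """Walk parent links, nearest first; stop on unknown parents or loops."""
    chain, seen = [], {event["pid"]}
    parent = by_pid.get(event["ppid"])
    while parent and parent["pid"] not in seen:
        chain.append(parent)
        seen.add(parent["pid"])
        parent = by_pid.get(parent["ppid"])
    return chain

def find_system_shells(events):
    """Flag shells running as SYSTEM on a user desktop below an installer."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if name(e) not in SHELLS or e["user"] != SYSTEM or e["session"] == 0:
            continue  # session 0 holds services; SYSTEM shells there are routine
        chain = ancestors(e, by_pid)
        installer = next((a for a in chain
                          if any(h in name(a) for h in INSTALLER_HINTS)), None)
        if installer:
            path = [name(a) for a in reversed(chain)] + [name(e)]
            alerts.append({"pid": e["pid"], "installer": name(installer), "path": path})
    return alerts
```

On the constructed events only the shell under the installer is reported; the service-launched SYSTEM shell in session 0 and the user's own shell are left alone.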

With vulnerabilities of this severity, the discoverer is expected to disclose responsibly by going through the company. However, Jonhat claims that Razer ignored his correspondence, so he publicly revealed the zero-day bug. Many others have since confirmed that a Razer mouse can help take control of a Windows 10 PC in minutes. Using this method, an attacker can install anything they want without logging in as an administrator.

So, that’s not great, and the only saving grace is that someone needs physical access to your computer (and a Razer peripheral). Following the disclosure, Razer confirmed it was working on a patch to be delivered soon. In the meantime, keep an eye out for lurkers with glowing mice.
