A USB mouse, keyboard or peripheral can grant Admin rights in Windows 10: Simple ‘Razer Bug’ grants SYSTEM privileges

Razer Bug grants SYSTEM Privileges Administrator Rights
Plugging in USB peripheral grants Admin Rights? Pic credit: ThoroughlyReviewed/Flickr

Just by plugging in a USB mouse, keyboard, any other computer peripheral into a Windows 10 PC or laptop can grant Administrator rights. The scarily simple to execute ‘Razer Bug’ security vulnerability currently exists in Razer Synapse software, which helps customize the components.

A Twitter user discovered and alerted Razer about a security loophole that allowed anyone to merely plug in a Razer mouse, keyboard, or a dongle, to gain SYSTEM privileges. After Razer allegedly ignored the findings, the security researcher published the findings.

Razer Synapse Software can make anyone Windows 10 Administrator with SYSTEM privileges due to Razer Bug:

Razer is one of the most popular computer peripherals manufacturers. In fact, the company claims more than 100 million users worldwide use its Razer Synapse software.

The software allows users to configure their hardware devices, set up macros, or map buttons. Essentially, the Razer Synapse software is a customization tool for Razer-branded USB peripherals.

Security researcher ‘jonhat’ recently discovered a zero-day vulnerability in the plug-and-play Razer Synapse installation that allows users to gain SYSTEM privileges on a Windows device quickly.

As a good Samaritan, the researcher claims he quickly alerted Razer, but the company apparently ignored him. After not receiving any response, jonhat disclosed the zero-day vulnerability on Twitter.

It is important to note that any threat actor looking to gain elevated privileges will need physical access to the target machine and its USB ports. Additionally, the target machine should have the Razer Synapse software already installed. It is not clear if the software running in the background could disable the Razer bug.

How does a piece of software for USB peripherals grant Admin rights to anyone on a Windows 10 PC?

As the short video and accompanying explanation reveal, it is ridiculously easy to gain Admin rights by merely plugging in a Razer-branded computer peripheral.

The researcher has discovered a Local Privilege Escalation (LPE) vulnerability. At present, there is no way to remotely achieve Administrator privileges remotely with the Razer bug.

That being said, the “hack” works by associating a Windows Terminal Window with the installation of the Razer Synapse Software that begins automatically when anyone plugs in a Razer-branded computer peripheral.

When Windows 10 OS detects a newly plugged-in Razer device, it automatically downloads and installs the driver and the Razer Synapse software. As the RazerInstaller.exe executable runs with SYSTEM privileges, the Razer installation program also gains the same privileges.

When the Razer Synapse software is installing, it asks to choose the default installation folder or change the location. At this window, anyone with a lower access level, can simply press Shift and right-click on the dialog, and select ‘Open PowerShell window here.’

This PowerShell window, by association with the software installer executable, also gains the SYSTEM privileges. It truly is that easy.

Incidentally, sometime after the Tweet went out, Razer contacted the security researcher and is collaborating with him to fix the Razer bug.

While Razer is fixing the bug, it is quite likely that such loopholes might exist with other software. After all, there are thousands of USB peripherals. And there could be dozens of executables that Windows PC automatically downloads and installs.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x