What you need to know
- A vulnerability was recently revealed that lets people gain SYSTEM access on a PC by plugging in a Razer mouse or dongle.
- The vulnerability requires local access but could be used to install malicious software onto a PC.
- Razer is now working on a fix for the issue.
A security researcher named Jon Hat recently revealed that you could gain SYSTEM access on a PC by plugging in a Razer gaming mouse or dongle (via Neowin). If you have local access to a machine, plugging in a Razer device installs RazerInstaller.exe, which runs with SYSTEM privileges. It also allows someone to open Windows PowerShell and the File Explorer with elevated privileges. With this exploit, someone could install harmful software onto a computer.
Because of the nature of the vulnerability, a person requires physical access to a PC to exploit it. This makes it less dangerous than a vulnerability that can be exploited remotely, but it still leaves a security risk.
Need local admin and have physical access?
- Plug a Razer mouse (or the dongle)
- Windows Update will download and execute RazerInstaller as SYSTEM
- Abuse elevated Explorer to open Powershell with Shift+Right click
Tried contacting @Razer, but no answers. So here's a freebie pic.twitter.com/xDkl87RCmzNeed local admin and have physical access?
- Plug a Razer mouse (or the dongle)
- Windows Update will download and execute RazerInstaller as SYSTEM
- Abuse elevated Explorer to open Powershell with Shift+Right click
Tried contacting @Razer, but no answers. So here's a freebie pic.twitter.com/xDkl87RCmz— jonhat (@j0nh4t) August 21, 2021August 21, 2021
While separate, this Razer-related vulnerability has some characteristics in common with the PrintNightmare vulnerabilities on Windows 10. Both types of vulnerabilities rely on someone installing an item on a local account and gaining SYSTEM privileges despite not being an admin on a computer.
Hat explains that he reported the vulnerability to Razer but did not initially hear back from the company. Following this, Hat shared the vulnerability publicly. Since, Razer has responded to Hat, explaining that it is working on a fix.
I would like to update that I have been reached out by @Razer and ensured that their security team is working on a fix ASAP.
Their manner of communication has been professional and I have even been offered a bounty even though publicly disclosing this issue.I would like to update that I have been reached out by @Razer and ensured that their security team is working on a fix ASAP.
Their manner of communication has been professional and I have even been offered a bounty even though publicly disclosing this issue.— jonhat (@j0nh4t) August 22, 2021August 22, 2021
Razer offered Hat a bounty for finding the vulnerability, even though it was disclosed publicly.
