Your Razer gaming mouse could be turned into a weapon against Windows 10 PCs.
As reported by BleepingComputer, a zero-day flaw in the Razer Synapse software grants Windows admin privileges to anyone who plugs their Razer mouse or keyboard into a Windows 10 laptop or desktop.
Used by more than 100 million users, Razer Synapse is a program that lets you customize your gaming accessories. It was made so you could set macros, assign buttons, and change your RGB lighting — now it can help a bad actor effectively gain control of someone's computer.
jonhat's tweet (August 21, 2021):
"Need local admin and have physical access?
- Plug a Razer mouse (or the dongle)
- Windows Update will download and execute RazerInstaller as SYSTEM
- Abuse elevated Explorer to open PowerShell with Shift+Right click
Tried contacting @Razer, but no answers. So here's a freebie"
The software vulnerability was discovered by security researcher jonhat, who disclosed the bug on Twitter after informing Razer and not receiving a response. According to jonhat, once a Razer mouse is plugged in, the PC automatically downloads and executes the Razer Synapse installer. Because the installer is launched by a Windows process running as SYSTEM, it inherits those SYSTEM privileges.
During installation you are asked to choose the folder Synapse should be installed in, and that folder-selection window runs with the installer's elevated privileges. From it, a PowerShell window can be opened, and the elevated installer hands those privileges on to PowerShell. At that point, whoever plugged in the Razer mouse can execute any command they like and install malicious programs.
Even more concerning, Will Dormann, a vulnerability analyst at CERT/CC, believes similar bugs will be found in other software that relies on the Windows plug-and-play process to install itself.
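The chain described above (a plug-and-play driver package launching a vendor installer as SYSTEM, then an elevated Explorer window spawning PowerShell) can be checked for from the defender's side. The script below is an added example, not code from the article, jonhat or Razer; it assumes the DisableCoInstallers value under the Windows Device Installer registry key, which the article does not mention, and Security event 4688 with process command-line auditing turned on.

```powershell
# Added example (not from the article): audit a Windows 10 host for the two
# conditions the Razer Synapse bug chains together. Assumptions: the
# DisableCoInstallers value under the Device Installer key (not mentioned in
# the article) and Security event 4688 with command-line auditing enabled.
# Run from an elevated PowerShell session.

$deviceInstallerKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Installer'

function Test-CoInstallersDisabled {
    # $true when driver co-installers, the mechanism that lets a plug-and-play
    # driver package launch a vendor installer such as RazerInstaller, are off.
    $value = Get-ItemProperty -Path $deviceInstallerKey -Name 'DisableCoInstallers' -ErrorAction SilentlyContinue
    return ($null -ne $value -and $value.DisableCoInstallers -eq 1)
}

function Find-SystemShellFromExplorer {
    param([int]$Hours = 24)
    # 4688 process-creation events in which a PowerShell process was created
    # by explorer.exe while running as SYSTEM (SID S-1-5-18), which is what an
    # Explorer window spawned by a SYSTEM installer looks like in the log.
    $filter = @{ LogName = 'Security'; Id = 4688; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $xml = [xml]$_.ToXml()
        $data = @{}
        foreach ($node in $xml.Event.EventData.Data) { $data[$node.Name] = $node.'#text' }
        if ($data['NewProcessName'] -match '\\powershell(_ise)?\.exe$' -and
            $data['ParentProcessName'] -match '\\explorer\.exe$' -and
            $data['SubjectUserSid'] -eq 'S-1-5-18') {
            [pscustomobject]@{
                Time        = $_.TimeCreated
                Process     = $data['NewProcessName']
                Parent      = $data['ParentProcessName']
                CommandLine = $data['CommandLine']
            }
        }
    }
}

if (-not (Test-CoInstallersDisabled)) {
    Write-Warning 'Driver co-installers are enabled; a plug-and-play package can still launch a vendor installer as SYSTEM.'
}
Find-SystemShellFromExplorer | Format-Table -AutoSize
```

Disabling co-installers stops the vendor installer from being launched by device installation at all, which is why the check is paired with the event-log search for the shell that the elevated Explorer window would otherwise spawn.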
Razer working on a fix
The zero-day vulnerability spread like wildfire across social media before getting the attention of Razer. The company told jonhat that it is working on a fix, though no timeline was given for when it'll arrive.
Although the vulnerability was publicly disclosed, Razer offered jonhat a bounty for bringing this troubling flaw to their attention.