Have to get root on a Home windows field? Plug in a Razer gaming mouse

This is definitely not a Razer mouse—but you get the idea.

Enlarge / That is undoubtedly not a Razer mouse—however you get the concept. (credit score: calvio through Getty Photographs)

This weekend, safety researcher jonhat disclosed a long-standing safety bug within the Synapse software program related to Razer gaming mice. Throughout software program set up, the wizard produces a clickable hyperlink to the placement the place the software program might be put in. Clicking that hyperlink opens a File Explorer window to the proposed location—however that File Explorer spawns with SYSTEM course of ID, not with the person’s.

Have mouse, will root

By itself, this vulnerability in Razer Synapse seems like a minor problem—in spite of everything, so as to launch a software program installer with SYSTEM privileges, a person would usually must have Administrator privileges themselves. Sadly, Synapse is part of the Home windows Catalog—which implies that an unprivileged person can simply plug in a Razer mouse, and Home windows Replace will cheerfully obtain and run the exploitable installer robotically.

Jonhat is not the one—and even the primary—researcher to find and publicly disclose this bug. Lee Christensen publicly disclosed the identical bug in July, and in accordance with safety researcher _MG_, who demonstrated it utilizing an OMG cable to imitate the PCI Machine ID of a Razer mouse and exploit the identical vulnerability, researchers have been reporting it fruitlessly for greater than a 12 months.

Learn 2 remaining paragraphs | Feedback

Leave a Reply

Your email address will not be published. Required fields are marked *