This weekend, safety researcher jonhat disclosed a long-standing safety bug within the Synapse software program related to Razer gaming mice. Throughout software program set up, the wizard produces a clickable hyperlink to the placement the place the software program might be put in. Clicking that hyperlink opens a File Explorer window to the proposed location—however that File Explorer spawns with SYSTEM
course of ID, not with the person’s.
Have mouse, will root
The “Set up Location” on the decrease proper is a clickable hyperlink that opens a File Explorer window to browse for non-standard areas. [credit: jonhat ]
By itself, this vulnerability in Razer Synapse seems like a minor problem—in spite of everything, so as to launch a software program installer with SYSTEM
privileges, a person would usually must have Administrator
privileges themselves. Sadly, Synapse is part of the Home windows Catalog—which implies that an unprivileged person can simply plug in a Razer mouse, and Home windows Replace will cheerfully obtain and run the exploitable installer robotically.
Jonhat is not the one—and even the primary—researcher to find and publicly disclose this bug. Lee Christensen publicly disclosed the identical bug in July, and in accordance with safety researcher _MG_
, who demonstrated it utilizing an OMG cable to imitate the PCI Machine ID of a Razer mouse and exploit the identical vulnerability, researchers have been reporting it fruitlessly for greater than a 12 months.
Learn 2 remaining paragraphs | Feedback