Although Microsoft has been working tirelessly to get rid of that stigma, Windows still retains the image of an OS that’s almost too easy to compromise. Many such exploits occur on the remote end when people click on suspicious links or download software from unofficial sources. However, there comes a time when an exploit happens almost too easily, like once you connect a Razer mouse that, in turn, starts a process that will let almost anyone with physical access to the pc get system-level administrator control.
Windows users are just about won’t to the concept of “Plug and Play” (a.k.a. “Plug and Pray”), where new peripherals “just work” when plugged in. that sometimes involves a program that automatically runs to download and install device drivers and found out the PC to acknowledge the external device. This technique is employed by most reputable Windows accessories, which suggests that this particular zero-day vulnerability isn’t exclusive to Razer alone.
What makes the matter a touch more serious is that Razer’s Synapse software installer makes it almost too easy to take advantage of that process. Synapse is the application that permits users to configure their Razer hardware with advanced features, like remapping keys and buttons. The installer for Synapse automatically runs once you connect a Razer mouse, and that’s where things go south.
RazerInstaller.exe is, of course, run with system-level privileges to form any changes to the Windows PC. However, it also allows the user to open a File Explorer instance with equivalent powers, and users can launch PowerShell, which will allow them to do anything with the system, including installing malware. After failing to urge a response from Razer, security researcher @jonhat decided to disclose the vulnerability publicly.
Need local admin and have physical access?
– Plug a Razer mouse (or the dongle)
– Windows Update will download and execute RazerInstaller as SYSTEM
– Abuse elevated Explorer to open Powershell with Shift+Right click
— jonhat (@j0nh4t) August 21, 2021
The slightly excellent news is that this exploit requires that the attacker has physical access to the target Windows computer and a Razer mouse. The latter is, of course, a dime a dozen, and it’s trivial to shop for one on a budget. Breaking its silence, Razer acknowledged the bug and promised to roll out a fix as soon as they will. However, it still raises the question of what percentage of installers have similar security holes waiting to be exploited.