An odd vulnerability allows users to gain SYSTEM access on any PC running Windows 10 just by plugging in a Razer gaming mouse or dongle.
You obviously need local access to the machine, but plugging in a Razer device installs RazerInstaller.exe, which runs with SYSTEM privileges, allowing you to then access Windows PowerShell or the File Explorer with these advanced privileges.
Need local admin and have physical access?
– Plug a Razer mouse (or the dongle)
– Windows Update will download and execute RazerInstaller as SYSTEM
– Abuse elevated Explorer to open Powershell with Shift+Right click
Tried contacting @Razer, but no answers. So here's a freebie pic.twitter.com/xDkl87RCmz
— jonhat (@j0nh4t) August 21, 2021
The bug was discovered by a security researcher named Jon Hat, who posted it publicly after first contacting Razer and hearing nothing.
Razer have since confirmed they are working on a fix.
I would like to update that I have been reached out by @Razer and ensured that their security team is working on a fix ASAP.
Their manner of communication has been professional and I have even been offered a bounty even though publicly disclosing this issue.
— jonhat (@j0nh4t) August 22, 2021
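For defenders, the behaviour described above leaves a clear trace in process-creation telemetry: an interactive shell running as SYSTEM with RazerInstaller.exe somewhere in its ancestry. The following detection sketch is an added example, not code from the researcher or Razer. It assumes Sysmon Event ID 1 field names, and the sample events and the installer path are constructed placeholders.

```python
# Added example: flag SYSTEM shells descended from RazerInstaller.exe.
# Field names follow Sysmon Event ID 1 (process creation); every event below
# is constructed for illustration and the installer path is a placeholder.
from ntpath import basename  # parses Windows paths on any OS

INSTALLER = "razerinstaller.exe"              # binary named in the article
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
SYSTEM_USER = "NT AUTHORITY\\SYSTEM"

def ev(guid, parent, user, image):
    return {"ProcessGuid": guid, "ParentProcessGuid": parent,
            "User": user, "Image": image}

SAMPLE_EVENTS = [  # constructed
    ev("g1", "g0", SYSTEM_USER, r"C:\Windows\System32\svchost.exe"),
    ev("g2", "g1", SYSTEM_USER, r"C:\PLACEHOLDER\RazerInstaller.exe"),
    # shell started directly from the installer's file dialog
    ev("g3", "g2", SYSTEM_USER,
       r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    # shell started through an intermediate elevated Explorer process
    ev("g4", "g2", SYSTEM_USER, r"C:\Windows\explorer.exe"),
    ev("g5", "g4", SYSTEM_USER,
       r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    # ordinary user shell: must not alert
    ev("g6", "g7", r"DESKTOP\alice", r"C:\Windows\explorer.exe"),
    ev("g8", "g6", r"DESKTOP\alice",
       r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    # SYSTEM shell with no installer ancestor (e.g. a service): not this rule
    ev("g9", "g1", SYSTEM_USER, r"C:\Windows\System32\cmd.exe"),
]

def find_system_shells(events):
    """Return (ProcessGuid, ancestry) for SYSTEM shells under the installer."""
    by_guid = {e["ProcessGuid"]: e for e in events}
    hits = []
    for e in events:
        if basename(e["Image"]).lower() not in SHELLS:
            continue
        if e["User"].upper() != SYSTEM_USER:
            continue
        # Walk parent links; 'seen' guards against GUID loops in bad data.
        chain, seen, cur = [], set(), e
        while cur and cur["ProcessGuid"] not in seen:
            seen.add(cur["ProcessGuid"])
            chain.append(basename(cur["Image"]))
            cur = by_guid.get(cur["ParentProcessGuid"])
        if any(name.lower() == INSTALLER for name in chain[1:]):
            hits.append((e["ProcessGuid"], " <- ".join(chain)))
    return hits

if __name__ == "__main__":
    for guid, chain in find_system_shells(SAMPLE_EVENTS):
        print(guid, chain)
```

Walking the full ancestry rather than checking only the direct parent catches both the shell opened straight from the installer's dialog and one opened through an intermediate Explorer window.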










