GamingRazer mice and keyboards found to possess admin-granting powers on Windows PCs

Razer is a familiar name on our best gaming mouse and best gaming keyboard lists, but it turns out these serpentine peripherals have a rather unnerving hiden talent: simply plugging one in, and installing the Razer Synapse software, is apparently enough to grant admin privileges on any Windows 10 or Windows 11 PC.

Twitter user jonhat discovered the exploit, which was easily replicated by Bleeping Computer. The issue is largely down to how Windows Update automatically downloads the Synapse software: because Windows Update has SYSTEM (i.e. admin) privileges, it grants that same level of access to Synapse.

Where things can really get dodgy is during Synapse installation. You, or someone trying to mess with your PC, can open a PowerShell window from within the installer – and because Windows effectively gave Synapse admin powers, this gives the PowerShell window admin powers too. Thanks to that daisy chain of iffy security, anyone who knows how to run commands in PowerShell will essentially have admin control over the PC.

Read more



from Rock, Paper, Shotgun https://ift.tt/3sMCKZh
via IFTTT

No comments