A programmer has discovered a zero-day bug in Synapse, the device installer software for Razer peripherals. Whether it be a Razer computer mouse, keyboard or any device that uses the utility, simply plugging in the device grants full admin rights on Windows 10 after downloading Synapse. So far, the vulnerability could be valid in Windows 11 as well, allowing the same privilege escalation, although it hasn’t yet been reported. Read more for a video demonstration and additional information.
Need local admin and have physical access?
– Plug a Razer mouse (or the dongle)
– Windows Update will download and execute RazerInstaller as SYSTEM
– Abuse elevated Explorer to open Powershell with Shift+Right click
— jonhat (@j0nh4t) August 21, 2021
What happens is basically when a user plugs in a Razer device, Microsoft Windows 10 automatically seeks an installer containing that appropriate driver software and the Synapse utility. The Synapse installation then gives users the ability to gain system privileges on the Windows device since it opens an Explorer window that prompts the user to specify where the driver should be installed as part of the setup process.
- Hero 25K sensor through a software update from G HUB, this upgrade is free to all players: Our most advanced, with 1:1 tracking, 400+ ips, and 100 - 25,600 max dpi sensitivity plus zero smoothing, filtering, or acceleration
- 11 customizable buttons and onboard memory: Assign custom commands to the buttons and save up to five ready to play profiles directly to the mouse
- Adjustable weight system: Arrange up to five removable 3.6 grams weights inside the mouse for personalized weight and balance tuning
- Programmable RGB Lighting and Lightsync technology: Customize lighting from nearly 16.8 million colors to match your team's colors, sport your own or sync colors with other Logitech G gear
- Mechanical switch button tensioning: Metal spring tensioning system and pivot hinges are built into left and right gaming mouse buttons for a crisp, clean click feel with rapid click feedback
We have investigated the issue, are currently making changes to the installation application to limit this use case, and will release an updated version shortly. The use of our software (including the installation application) does not provide unauthorized third-party access to the machine,” said Razer.