Razer Synapse Bug Windows 10 Admin Access Computer Mouse
A programmer has discovered a zero-day bug in Synapse, the device installer software for Razer peripherals. Whether it be a Razer computer mouse, keyboard or any device that uses the utility, simply plugging in the device grants full admin rights on Windows 10 after downloading Synapse. So far, the vulnerability could be valid in Windows 11 as well, allowing the same privilege escalation, although it hasn’t yet been reported. Read more for a video demonstration and additional information.

What happens is basically when a user plugs in a Razer device, Microsoft Windows 10 automatically seeks an installer containing that appropriate driver software and the Synapse utility. The Synapse installation then gives users the ability to gain system privileges on the Windows device since it opens an Explorer window that prompts the user to specify where the driver should be installed as part of the setup process.
Logitech G502 HERO High Performance Wired Gaming Mouse, HERO 25K Sensor, 25,600 DPI, RGB, Adjustable Weights, 11 Programmable Buttons, On-Board Memory, PC / Mac
  • Hero 25K sensor through a software update from G HUB, this upgrade is free to all players: Our most advanced, with 1:1 tracking, 400-plus ips, and 100...
  • 11 customizable buttons and onboard memory: Assign custom commands to the buttons and save up to five ready to play profiles directly to the mouse
  • Adjustable weight system: Arrange up to five removable 3.6 grams weights inside the mouse for personalized weight and balance tuning

We have investigated the issue, are currently making changes to the installation application to limit this use case, and will release an updated version shortly. The use of our software (including the installation application) does not provide unauthorized third-party access to the machine,” said Razer.

Write A Comment