A bug in the Synapse app for using a Razer mouse can cause anyone to have administrator permissions in Windows
Table of contents:
Windows security has always been one of the workhorses of those who claim that it is a system that is not as secure as it should be and the truth is that they are armed with reason with news like this , relating to a bug that allows you to gain administrator permissions when installing drivers for aRazer wireless mouse
A new vulnerability that does not require you to click on a suspicious file or install any program from unofficial sources.A breach that puts the security of computers at risk and although in order to take advantage of it, the attacker must have physical access to the computer, it still shows that Microsoft You still have a lot of work to do to improve security on your system.
Full computer access
And in this case the problem arises when the drivers of a Razer wireless mouse are installed through the Synapse application It is This is the tool that allows you to configure all the parameters as well as customize functions and controls to facilitate the use of, for example, a mouse and that benefits from the Plug and Play system>"
The Synapse application launches automatically when a Razer mouse is connected. Using the file RazerInstaller.exe a normal installation is performed which however also allows the user to open an Explorer window to choose where to install the drivers.And this is where the problem begins, since the user can open PowerShell and access almost any function on the computer.
The vulnerability has been discovered and posted on Twitter by the user @j0nh4t, who decided to make the existence of this security breach public after contacting Razer and receiving no response at first. As a result of this article, from Razer, they have contacted us, to make a statement, stating that they are working on changes in the application to limit this case usage:
To take advantage of this bug it is necessary to have both a Razer mouse and personal access to the equipment, two limits that minimize the impact of the gap that, however, can leave us in doubt about the number of failures of this type that can affect other Plug & Play devices."
Via | Slashgear
