We wouldn’t even consider the possibility of using a seemingly innocent peripheral device, such as a mouse, to gain administrative privileges under Windows and take advantage of that to attack a computer.

Windows, despite Microsoft’s commendable efforts, can still be attacked in many ways, but it is also true that it is often the fault of users when they click on suspicious links or download software from an uncontrolled source. However, the situation is different when a peripheral device, such as a Razer mouse, is connected to the computer. There was nothing wrong, the machine would do it for them.

writes this is the mouse slash gear Once connected, it starts a process that allows anyone with physical access to the computer to gain system-wide administrator privileges.

Windows’ prevalent “plug and play” makes it very easy to use additional hardware: all you have to do is plug in your new peripheral, and it works right away. It usually includes a program that runs automatically to download device drivers and help your computer identify the external device.

A serious vulnerability in this process is now becoming apparent with the Razer mouse, mainly because the device’s Synapse installer makes it easy to exploit this process. Synapse can adjust macros, programmable mouse buttons, and control RGB lighting. Synapse installer runs automatically when a Razer mouse is connected.

Of course, RazerInstaller.exe runs with system-wide privileges to make changes to your Windows PC. However, it does allow the person sitting on the machine to open an instance of File Explorer with the same authority or to start PowerShell. The latter allows you to do anything with the system, such as install malware. And if that’s not enough, you can specify an installation path that can be controlled manually, such as the desktop. The installer creates a binary file that can be used to keep system changes permanent (the binary is executed before logging in). After the security researcher who encountered the problem did not receive a response from Razer, he thought he would reveal the vulnerability.

There is some joy in the worm that an attacker must have physical access to a computer and a Razer mouse to exploit the vulnerability. Since then, the Razer security team has woken up and promised to fix it as soon as possible. However, the question still remains how many installers with similar vulnerabilities are waiting to be exploited.

READ  Index-Tech - CEO apologizes for Cyberpunk 2077

If you want to know something about similar things, you can like it HVG Tech’s Facebook page.



The number of editorial boards independent of power is steadily declining, and those that do still exist are trying to stay afloat under growing headwinds. At HVG, we persevere and never give in to pressure, bringing local and international news every day.

That’s why we ask you, our readers, to support us! We promise to continue to give you the best we can!