A vulnerability in the Razer Synapse mouse or keyboard could allow an attacker with physical access to a Windows computer to gain Windows admin privileges. Security Researcher jonhat revealed on Twitter that they found a vulnerability in the installation software that is automatically downloaded by Windows 10 or 11 to allow a user of Razer devices to set up their device. The vulnerability allows users to gain SYSTEM privileges on Windows and attain complete control over the device by simply right-clicking a folder during the setup routine and selecting “Open PowerShell Window Here.” The bug is a Local Privilege Escalation (LPE) vulnerability, which means that it grants an existing user higher permissions. An attacker would need to have a Razer device, physical access to a computer, and a valid user account with permissions to install software in order to exploit the vulnerability. According to researchers, it took a very short amount of time to gain admin privileges on Windows 10 with the Razer Synapse device and its control software. Jonhat informed Razer of the issue and they are working on fixing the issue.
According to other researchers, a bug like this in “plug and play” software is not uncommon. Issues like these are why it is important not to leave an unlocked device in public for anyone to access. The access gained with this mouse could lead to an attacker installing malware on a device that could be used for several things, including ransomware and spyware. It is good practice for anyone, including members of an organization at an executive level to never leave their computer unattended unless it is locked and secured. This is especially true when traveling to foreign countries or places. It is also important for organizations to carefully consider which employee groups should be allowed to install software to support devices, and monitor for unusual actions from employee user accounts. Utilizing a monitoring service to detect malicious activities on devices will help identify and mitigate attacks quickly. Binary Defense’s Managed Detection and Response (MDR) in conjunction with the 24/7 Security Operations Task Force is a great asset to have.