A vulnerability in the Razer Synapse mouse or keyboard could allow an attacker with physical access to a Windows computer to gain Windows admin privileges. Security Researcher jonhat revealed on Twitter that they found a vulnerability in the installation software that is automatically downloaded by Windows 10 or 11 to allow a user of Razer devices to set up their device. The vulnerability allows users to gain SYSTEM privileges on Windows and attain complete control over the device by simply right-clicking a folder during the setup routine and selecting “Open PowerShell Window Here.” The bug is a Local Privilege Escalation (LPE) vulnerability, which means that it grants an existing user higher permissions. An attacker would need to have a Razer device, physical access to a computer, and a valid user account with permissions to install software in order to exploit the vulnerability. According to researchers, it took a very short amount of time to gain admin privileges on Windows 10 with the Razer Synapse device and its control software. Jonhat informed Razer of the issue and they are working on fixing the issue.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in