Just connect a Razer mouse to Windows to get administrator privileges.

Let’s see how the vulnerability works. Let’s take into account Plug & Play systems. So, when you plug in the mouse, Windows Update will start downloading and installing RazerInstaller. Which includes drivers and device configuration software. Additionally, the installer provides the option to install the software in the chosen folder. However, it also allows you to open an instance of Windows Explorer that runs with the same privileges as the installer itself. In other words, as SYSTEM.

It is then possible to start a PowerShell console from this folder. And if you press Shift + to right-click on the window, Powershell is granted the permissions of the folder from which it was started. From here on it is possible to do anything with these administrator privileges. So any user is granted these privileges. Even if the one who connected the mouse was not the legitimate administrator.

What Razer says about it.

In principle, the same user @jh0nh4t, tried to contact the company. However, when they did not respond, he decided to make the failure public. But later, Razer contacted the user. In addition, he states that they have behaved in a professional manner. The company states that it is working hard to correct this security issue. And they state that they are committed to the safety of users. Ultimately, we have seen that If you connect a Razer mouse to Windows, you will get administrator privileges. Another serious threat to Windows security. See you later!

The post If you connect a Razer mouse to Windows, you will get administrator privileges. appeared first on Linux Windows and android Tutorials.