A bug in Razer software allows you to log in as administrator on Windows in a few clicks

Plug in a mouse or keyboard and get Windows administrator privileges for a computer? This is the security hole a security researcher discovered inside Razer's Synapse software.

Razer Basilisk V2 Introductory price 89.99 €

Itopdroid rating (3) read the test

Buy used: Buy new:
  • Amazon Warehouse 42,80
  • Cdiscount Marketplace 46,00
  • Fnac.com marketplace 54,90
  • Materiel.net 54,90
  • Rakuten 55,58
  • Boulanger.com 59,99
  • Amazon Marketplace 62,78
  • Topbiz.com 72,93
  • Rue du Commerce 80,99
  • Fnac.com 89,99
  • Darty.com 89,99
  • Top Buy 94,94
  • Maxesport 95,89
  • LDLC 95,90
  • eBay 98,27
  • E. Leclerc - High-Tech 99,10
  • eBay 52,61
How the price table works

Razer Synapse is software that allows you to customize the buttons and RGB LEDs on Razer peripherals. Widely used by gamers across the planet, it is the subject of an easily exploitable security vulnerability. Discovered by @ j0nh4t who detailed the manipulation on Twitter, it allows access to administrator privileges under Windows by simply plugging in a keyboard or mouse.

Need local admin and have physical access?
- Plug a Razer mouse (or the dongle)
- Windows Update will download and execute RazerInstaller as SYSTEM
- Abuse elevated Explorer to open Powershell with Shift+Right click

Tried contacting @Razer, but no answers. So here's a freebie pic.twitter.com/xDkl87RCmz

- jonhat (@ j0nh4t) August 21, 2021

Indeed, when you connect a Razer device to a PC, Windows offers to install Razer Synapse and launches the executable with system privileges. It is then possible to change the software installation folder and open PowerShell with a few clicks, which also opens with administrator privileges. It is therefore possible to execute any command from the computer ...

Windows PowerShell starts with administrator privileges. © @ j0nh4t

Not to worry too much, however, nothing can be done remotely and you have to be physically present in front of the computer to exploit this bug. Razer has nonetheless stated that it is in the process of correcting the flaw and will be offering an update shortly. @ j0nh4t was contacted by the manufacturer and received a bonus for reporting the problem.

So remember to install the next updates to Razer Synapse if you are using the software.

add a comment of A bug in Razer software allows you to log in as administrator on Windows in a few clicks
Comment sent successfully! We will review it in the next few hours.