Gaming peripheral brands these days often ship their own software to manage the devices you plug into your PC. Razer and SteelSeries are among them. But it looks like people have found ways to make the software from these two brands do more than it was intended to. This opens up your Windows 10 PC’s security defences to anyone with physical access to your system.
Twitter user @j0nh4t shared that one way to reach this escalation-of-privilege flaw is simply to plug in a Razer mouse. Doing so triggers Windows 10’s automatic driver installer, which in turn prompts the installation of Razer Synapse. From there, you can retain the elevated permissions using PowerShell.
Need local admin and have physical access?
– Plug a Razer mouse (or the dongle)
– Windows Update will download and execute RazerInstaller as SYSTEM
– Abuse elevated Explorer to open PowerShell with Shift+Right click
— jonhat (@j0nh4t) August 21, 2021
A similar issue was found with SteelSeries software. Here things go a little further, as you don’t even need to plug in an actual peripheral. The same level of access can be gained by viewing the license agreement in a browser, saving the web page, then launching PowerShell from the file dialogue that appears. Alternatively, you can run an Android script to mimic a SteelSeries device and trigger the installation process, then use the method described above.
— Lawrence 勞倫斯 (@zux0x3a) August 23, 2021
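Both reports end the same way: a PowerShell window running as SYSTEM on the logged-in user’s desktop, started from an installer’s file dialogue. The following is an added detection example, not code from either researcher or vendor; it scans process-creation events for that pattern. The field names are modelled on Sysmon Event ID 1, and the events, paths, PIDs and account names are constructed for illustration.

```python
# Constructed process-creation events (not real logs). Field names follow
# Sysmon Event ID 1; the paths, PIDs and account names are invented.
SYSTEM = "NT AUTHORITY\\SYSTEM"
PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
EVENTS = [
    # Installer started as SYSTEM but drawn on the logged-in user's desktop.
    {"ProcessId": 4100, "ParentProcessId": 900, "User": SYSTEM,
     "TerminalSessionId": 1, "Image": "C:\\Windows\\Temp\\RazerInstaller.exe"},
    # Shell opened from the installer's folder dialog: inherits SYSTEM.
    {"ProcessId": 4188, "ParentProcessId": 4100, "User": SYSTEM,
     "TerminalSessionId": 1, "Image": PS},
    # Ordinary user shell: not SYSTEM, must not alert.
    {"ProcessId": 5300, "ParentProcessId": 5200, "User": "LAPTOP\\alice",
     "TerminalSessionId": 1, "Image": PS},
    # SYSTEM shell in session 0 (service/scheduled task): no desktop, no alert.
    {"ProcessId": 700, "ParentProcessId": 600, "User": SYSTEM,
     "TerminalSessionId": 0, "Image": PS},
]
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}

def image_name(path):
    return path.rsplit("\\", 1)[-1].lower()

def ancestors(event, by_pid):
    """Parent chain, nearest first, as far as the log covers it."""
    chain, seen, pid = [], set(), event["ParentProcessId"]
    while pid in by_pid and pid not in seen:  # 'seen' guards against PID loops
        seen.add(pid)
        chain.append(image_name(by_pid[pid]["Image"]))
        pid = by_pid[pid]["ParentProcessId"]
    return chain

def find_system_shells(events):
    """Flag interactive shells that run as SYSTEM on a user desktop session."""
    by_pid = {e["ProcessId"]: e for e in events}
    alerts = []
    for e in events:
        if (image_name(e["Image"]) in SHELLS
                and e["User"].upper() == SYSTEM
                and e["TerminalSessionId"] != 0):
            alerts.append({"pid": e["ProcessId"],
                           "shell": image_name(e["Image"]),
                           "ancestors": ancestors(e, by_pid)})
    return alerts

if __name__ == "__main__":
    for alert in find_system_shells(EVENTS):
        print(alert)
```

The rule keys on the account and session rather than on a vendor’s installer name, so it covers both cases above; the ancestor chain in each alert shows which installer the shell came from.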
For the most part, this sort of vulnerability won’t affect you if you use a Windows 10 PC at home and run it normally as an admin anyway. But it’s definitely something to think about if you have a laptop that you take outside, and allow others to use it on occasion. Razer and SteelSeries have both said that they are working on fixing this.