Thursday, August 18, 2022
  • Hype
  • Murai
  • Lipstiq
  • Diva
  • Varnam
  • Moviedash
  • Autofreaks
Lowyat.NET
  • News
    • Lifestyle
    • Computing
    • Hardware
    • Internet
    • Rumours & Leaks
    • Software
  • Forums
    • Kopitiam
    • Tradezone
    • Property Talk
    • Finance & Business
    • Fast and Furious
  • Gaming
    • PC Gaming
    • Console
    • Esports
  • Mobile
    • Apps
    • OS
    • Tablets
    • Phones
    • Telco
      • Celcom
      • DiGi
      • Maxis
      • Tune Talk
      • U Mobile
      • Buzzme
  • Pricelists
    • Hardware
      • Compu-zone
      • Viewnet
      • Thundermatch
      • Sri Computers
    • Notebooks
      • Compu-zone
    • Smartphones
      • Thundermatch
  • More
    • Automotive Tech
    • Drone
    • Enterprise
    • Entertainment
    • Fashion
    • E-Hailing
    • Wearables
No Result
View All Result
Lowyat.NET
  • News
    • Lifestyle
    • Computing
    • Hardware
    • Internet
    • Rumours & Leaks
    • Software
  • Forums
    • Kopitiam
    • Tradezone
    • Property Talk
    • Finance & Business
    • Fast and Furious
  • Gaming
    • PC Gaming
    • Console
    • Esports
  • Mobile
    • Apps
    • OS
    • Tablets
    • Phones
    • Telco
      • Celcom
      • DiGi
      • Maxis
      • Tune Talk
      • U Mobile
      • Buzzme
  • Pricelists
    • Hardware
      • Compu-zone
      • Viewnet
      • Thundermatch
      • Sri Computers
    • Notebooks
      • Compu-zone
    • Smartphones
      • Thundermatch
  • More
    • Automotive Tech
    • Drone
    • Enterprise
    • Entertainment
    • Fashion
    • E-Hailing
    • Wearables
No Result
View All Result
Lowyat.NET
No Result
View All Result
Home Security

Peripheral Apps Grant Access To Windows 10 Admin Privileges

Razer and SteelSeries working on fixes for their respective software.

by Ian Chee
August 25, 2021
Razer Synapse
42
SHARES
Share on FacebookShare on Twitter

Gaming peripheral brands these days often have their own software to manage the devices you plug into your PC. Companies like Razer and SteelSeries are among them. But it looks like people have found ways to use the software from these two specific brands to do more than their software intended. This opens up your Windows 10 PC’s security defences to anyone with physical access to your system.

Twitter user @j0nh4t shared that one way you can access this escalation-of-privilege flaw is simply by plugging in a Razer mouse. This then triggers Windows 10’s automatic driver installer, which then prompts the installation of Razer Synapse. From there, you can retain the elevated permissions using PowerShell.

Need local admin and have physical access?
– Plug a Razer mouse (or the dongle)
– Windows Update will download and execute RazerInstaller as SYSTEM
– Abuse elevated Explorer to open Powershell with Shift+Right click

Tried contacting @Razer, but no answers. So here's a freebie pic.twitter.com/xDkl87RCmz

— jonhat (@j0nh4t) August 21, 2021

ADVERTISEMENT

A similar issue was found with SteelSeries software. But things go a little further as you don’t even need to plug in an actual peripheral. The same level of access can be gained from viewing the license agreement in a browser, saving the web page, then launching PowerShell from the file dialogue that appears. Alternatively, you can also run an Android script to mimic a SteelSeries device to trigger an installation process then use the method described above.

it is not only about @Razer.. it is possible for all.. just another priv_escalation with @SteelSeries https://t.co/S2sIa1Lvjv pic.twitter.com/E3NPQnxqo2

— Lawrence 勞倫斯 (@zux0x3a) August 23, 2021

For the most part, this sort of vulnerability won’t affect you if you use a Windows 10 PC at home and run it normally as an admin anyway. But it’s definitely something to think about if you have a laptop that you take outside, and allow others to use it on occasion. Razer and SteelSeries have both said that they are working on fixing this.

(Source: @j0nh4t, @zux0x3a, @an0n_r0, Tom’s Guide [1], [2] . Image: Razer)

Follow us on Instagram, Facebook, Twitter or Telegram for more updates and breaking news. 

Tags: admininstallerrazersecuritysteelseriesSynapseWindows 10
Updated 9:13 pm, Wed, 25 August 21
Back to top
Share17Tweet11SendShare

ADVERTISEMENT

RELATED ARTICLES

razer leviathan v2 x malaysia price
Audio

Razer Announces Leviathan V2 X Soundbar; Now Available For RM 499

by Heirul Kamel
August 18, 2022
Razer Deathstalker V2 Pro
Hardware

Razer Deathstalker V2 Pro Lightning Review: The Price Of Resurrection

by Ian Chee
August 15, 2022
hacking anti-hacking security cybersecurity
Security

Communications Ministry Wants To Roll Out An Anti-Hacking App

by Ikmal Rozlan
August 13, 2022
DeathAdder V3 Pro
Mouse / Mouse Pad

Razer DeathAdder V3 Pro Now Official; Retails For RM749

by Ikmal Rozlan
August 12, 2022
Load More
No Result
View All Result

TRENDING TODAY

  1. 1
    Fintech

    Touch ‘n Go RFID Fuelling Finally Goes Official: Now Available At 88 Shell Stations

  2. 2
    Apps

    WhatsApp Is Giving You Two Whole Days To Delete Messages

  3. 3
    Security

    Peripheral Apps Grant Access To Windows 10 Admin Privileges

  4. 4
    Mobile Phones

    vivo Y35 Now Available In Malaysia For RM 1,099

  5. 5
    E-commerce

    airasia food Introduces Air-Flown Food Delivery From Penang To Klang Valley

Consumer Tech News & Reviews Malaysia

NETWORK

  • Hype
  • Murai
  • Lipstiq
  • Diva
  • Varnam
  • Moviedash
  • Autofreaks

ABOUT

  • Advertise
  • Careers
  • Privacy Statement
  • Contact Us
  • Editorial Policy
  • Terms & Conditions

©2022 LOWYAT MEDIA, LLC. ALL RIGHTS RESERVED.

No Result
View All Result
  • News
    • Lifestyle
    • Computing
    • Hardware
    • Internet
    • Rumours & Leaks
    • Software
  • Forums
    • Kopitiam
    • Tradezone
    • Property Talk
    • Finance & Business
    • Fast and Furious
  • Gaming
    • PC Gaming
    • Console
    • Esports
  • Mobile
    • Apps
    • OS
    • Tablets
    • Phones
    • Telco
      • Celcom
      • DiGi
      • Maxis
      • Tune Talk
      • U Mobile
      • Buzzme
  • Pricelists
    • Hardware
      • Compu-zone
      • Viewnet
      • Thundermatch
      • Sri Computers
    • Notebooks
      • Compu-zone
    • Smartphones
      • Thundermatch
  • More
    • Automotive Tech
    • Drone
    • Enterprise
    • Entertainment
    • Fashion
    • E-Hailing
    • Wearables

©2022 LOWYAT MEDIA, LLC. ALL RIGHTS RESERVED.

We use cookies to improve your experience. Learn More.