"Razer Bug Lets You Become a Windows 10 Admin by Plugging in a Mouse"

A security researcher has disclosed a zero-day vulnerability in the device installer software for Razer peripherals. The vulnerability can allow a malicious actor to gain Windows administrator privileges just by plugging in a Razer mouse or keyboard. When a Razer device is plugged in, Windows 10 or 11 automatically downloads and starts installing the Razer Synapse software, which allows users to configure hardware devices, set up macros, and more. Razer Synapse is said to be used by more than 100 million users globally. With SYSTEM privileges, an attacker can take complete control of a system and install whatever they want, such as malware. Researchers at BleepingComputer tested the vulnerability and confirmed that it took them around two minutes to gain SYSTEM privileges after plugging in a Razer mouse. Because this is a Local Privilege Escalation (LPE) vulnerability, exploitation requires an attacker to have a Razer device and physical access to a computer. However, exploitation is easy, as an attacker only needs to purchase a Razer mouse on Amazon for $20 and plug it into a Windows 10 machine to become an administrator. This article continues to discuss the potential exploitation and impact of the Razer software bug.

BleepingComputer reports "Razer Bug Lets You Become a Windows 10 Admin by Plugging in a Mouse"

Submitted by Anonymous on