Gaining admin privileges in Windows 10 usually requires authentication. However, sometimes exploits bypass these measures and give users direct access to admin privileges. According to a story on Bleeping Computer, Razer has a bug in its software that lets you gain admin access to Windows 10 operating system in a few simple steps.
When using Windows 10 a typical user, will be limited in making changes to the system without all the needed privileges. To perform these tasks you need system privileges, which is the star of today's show. Thanks to security researcher jonhat, who found a hole in Razer's Synapse software, there is a way to gain system privileges.
When you plug any Razer device into Windows 10 or Windows 11 PC, the OS downloads Razer's Synapse software to accommodate the device and set up a range of available functions on Razer devices, like adjustable lighting, hot-keys, and plenty of others. According to Razer over 100 million PCs use Synapse software worldwide.
Update: August 23, 4:28 p.m. ET:
"We were made aware of a situation in which our software, in a very specific use case, provides a user with broader access to their machine during the installation process," a Razer spokesperson told Tom's Hardware in a prepared statement. "We have investigated the issue, are currently making changes to the installation application to limit this use case, and will release an updated version shortly. The use of our software (including the installation application) does not provide unauthorized third-party access to the machine."
The company also said that anyone who finds an issue with Razer's security should report them through Inspectiv, it's bug bounty service.
The original story continues below:
As Windows OS itself calls and executes the RazerInstaller.exe file, it already does it with system privileges. Once you start the installation process, choosing where to install the software you just choose the option to select a folder, and once you are in the file explorer just press Shift on your keyboard with right-click. There is an option in the dropdown menu to "Open PowerShell Window Here", which you select to open Windows PowerShell. If you type the "whoami" command that lists your user privilege, it outputs "nt authority\system", which means you are accessing the console as an admin, allowing you to execute any command you wish to do.
Need local admin and have physical access?- Plug a Razer mouse (or the dongle)- Windows Update will download and execute RazerInstaller as SYSTEM- Abuse elevated Explorer to open Powershell with Shift+Right clickTried contacting @Razer, but no answers. So here's a freebie pic.twitter.com/xDkl87RCmzAugust 21, 2021
In the Tweet above, you can see the process of how it is done. If any software that automatically installs like this and has the option for opening the Windows PowerShell in the file explorer exists, it could be that it is also vulnerable to the exploit. The researcher later Tweeted that Razer has contacted him and is working on a fix as soon as possible, so be sure to update your Razer Synapse software every time there is an update.