How To Register Razer Mouse

the usual wsuspects —

Need to get root on a Windows box? Plug in a Razer gaming mouse

Razer's automatically downloaded installer exposes a SYSTEM shell to any user.

Razer

This weekend, security researcher jonhat disclosed a long-standing security bug in the Synapse software associated with Razer gaming mice. During software installation, the sorcerer produces a clickable link to the location where the software will be installed. Clicking that link opens a File Explorer window to the proposed location—just that File Explorer spawns with Organization process ID, not with the user'due south.

Accept mouse, volition root

• The "Install Location" at the lower right is a clickable link that opens a File Explorer window to browse for non-standard locations.

• Correct-clicking the File Explorer window and selecting "open powershell here" or "open command prompt here" gets you a shell.

• And what privileges does that trounce have? The same as the File Explorer Window, inherited from the installer dialog itself.

• We can come across that the Razer installer was downloaded automatically by Windows Update when the mouse was plugged in.

Past itself, this vulnerability in Razer Synapse sounds like a minor issue—after all, in lodge to launch a software installer with Organization privileges, a user would normally need to have Administrator privileges themselves. Unfortunately, Synapse is a part of the Windows Itemize—which ways that an unprivileged user tin merely plug in a Razer mouse, and Windows Update will cheerfully download and run the exploitable installer automatically.

Jonhat isn't the merely—or even the first—researcher to find and publicly disclose this problems. Lee Christensen publicly disclosed the same issues in July, and according to security researcher_MG_, who demonstrated information technology using an OMG cablevision to mimic the PCI Device ID of a Razer mouse and exploit the same vulnerability, researchers accept been reporting it fruitlessly for more than a year.

Vulnerability fixes coming soon to a Windows Catalog about you

Happily, Razer seems to have finally gotten the memo—jonhat reported that the company reached out to him shortly afterwards his August 21 public disclosure to clinch him that its security team is "working on a fix ASAP," and the visitor even offered him a bounty despite the public disclosure.

Once Razer itself has patched the vulnerability, the adjacent step will exist pushing it to Microsoft for inclusion in Windows Catalog—where information technology volition demand to replace the electric current and vulnerable Razer HIDClass driver that Windows Update automatically downloads and runs whenever a Razer mouse is plugged into the arrangement. (The vulnerable version in the Windows Catalog as of publishing fourth dimension is half dozen.two.9200.16495, dated January 2017.)

Source: https://arstechnica.com/information-technology/2021/08/need-to-get-root-on-a-windows-box-plug-in-a-razer-gaming-mouse/

Posted by: oconnelltonest.blogspot.com

Share this post