A rather unusual vulnerability in Razer mice has been identified and the company is currently working on a fix. Over the weekend, security researcher Jon Hat posted on Twitter that after plugging in a Razer mouse or dongle, Windows Update will download the Razer installer executable and run it with SYSTEM privileges. It also lets you access the Windows file explorer and Powershell with "elevated" privileges — which essentially means someone with physical access to the computer could install harmful software.
Need local admin and have physical access?
— jonhat (@j0nh4t) August 21, 2021
- Plug a Razer mouse (or the dongle)
- Windows Update will download and execute RazerInstaller as SYSTEM
- Abuse elevated Explorer to open Powershell with Shift+Right click
Tried contacting @Razer, but no answers. So here's a freebie pic.twitter.com/xDkl87RCmz
Since this vulnerability requires direct, physical access to a computer, it's not nearly as dangerous as a security issue that can be carried out remotely, but it's still a troubling find. Hat said on Twitter that Razer eventually reached out and told him that the company's security team was working on a fix. We've reached out to Razer as well to verify these details and will update this story if we hear anything, including when users might expect the issue to be fixed. We're also hoping to find out what specific Razer mice can cause the issue.
from Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics https://ift.tt/3sNvTyY
No comments:
Post a Comment