Home / Technology / You can gain administrator privileges on any Windows machine by connecting a Razer mouse

You can gain administrator privileges on any Windows machine by connecting a Razer mouse

A Razer game mouse with an illuminated scroll wheel sits on a table

Picture: Syafiq Adnan (Shutterstock)

Not all users are the same in Windows. Without administrator access, you can use the computer, but you are not allowed to install specific apps or execute commands, and you are usually blocked from full control of the computer. But right now you can only give yourself SYSTEM privileges on any Windows 10 machine connect to a Razer keyboard or mouse. It seems … bad.

Generally, different “user rights” are a good thing for Windows. It protects the system from people who would abuse these privileges, whether sinister or not. When you have admin or SYSTEM privileges, you have full control over Windows, so it can be dangerous to give that power to anyone.

The idea of ​​connecting to the right mouse can give you full control over a computer sounds more unrealistic than a TV hacker, but it’s true. When you connect one of these Razer devices, Windows automatically downloads Razer Synapse, the software that controls certain settings for the mouse or keyboard. Said Razer software has SYSTEM privileges, since it starts from a Windows process with SYSTEM privileges.

But this is not where vulnerability comes into play. After installing the software, the Windows installation wizard asks which folder you want to save it in. When you select a new location for the folder, you will see a “Select a folder“Traces. Press Shift and right-click on it and you can select “Open the PowerShell window here, ”Which opens a new PowerShell window.

Because this PowerShell window was launched from a SYSTEM privilege process, the PowerShell window itself now has SYSTEM privileges. In fact, you have made yourself an administrator on the computer, which can execute any command you can think of in the PowerShell window.

The vulnerability was first shown on Twitter by user jonhat, who tried to contact Razer about it first, to no avail. Razer eventually followed up and confirmed that an update is underway. Until that update is available, however, the company inadvertently sells tools that make it easy to hack millions of computers.

How to protect your computer from Razer vulnerabilities

Although the best solution is to wait for Razer to fix this bug in the end, we do not know how long it lasts toe. To protect your computer from the machines of Razer peripheralwieLeading potential hackers right now, consider disabling your computer’s USB ports.

There are different (and complicated) ways to do this, but the easiest place to start is via Device Manager. Right click on “This PC, “And then click”Achieve. “Click”Unit processing, “Then click on the arrow next to it Universal Serial Bus controllers. Here you will find all the computer’s USB controllers. You can right-click on these items and select “Disable“To disable them.

When you are ready to reactivate the USB ports, you can follow the same instructions and select “Enable“Instead.

Source link