News

Razer to fix bug that gives users admin rights on Windows via installer

By admin
Spread the love

Hardware maker Razer is going to fix a bug that allows users to get admin rights on Windows 10 or Windows 11 by connecting Razer hardware and clicking through to a PowerShell from the installer. A security researcher discovered that.

The fix should come ‘as soon as possible’, reports security researcher John Hat. He discovered the bug and when he got no response, he posted his findings publicly on Twitter and in a video last weekend. Now that attention has been paid to it, Razer is going to do something with his report.

Hat showed how the exploit works in a video. Plugging in a Razer mouse or keyboard under Windows 10 or 11 causes Windows to automatically install a driver for that hardware from Windows Update and then launch an installer for Razer software. This gives the option to install the software in a self-chosen folder. It is then possible to open PowerShell from that folder, where PowerShell inherits the rights of the folder from which it was opened.

From there it is possible to do anything with those admin rights. The exploit requires physical access to a computer and the ability to plug in or emulate hardware from Razer. As a result, the scale on which this can be abused is limited.

You might also like
News

X begins to deploy the audio and video calling function (but only paying users can…

News

Rumor: Apple is working on its own applications based on a large language model

News

EU Council determines position on security requirements for digital products

News

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Telegram has over 800 million active users and is not yet profitable