Hardware maker Razer is going to fix a bug that allows users to get admin rights on Windows 10 or Windows 11 by connecting Razer hardware and clicking through to a PowerShell from the installer. A security researcher discovered that.
The fix should come ‘as soon as possible’, reports security researcher John Hat. He discovered the bug and when he got no response, he posted his findings publicly on Twitter and in a video last weekend. Now that attention has been paid to it, Razer is going to do something with his report.
Hat showed how the exploit works in a video. Plugging in a Razer mouse or keyboard under Windows 10 or 11 causes Windows to automatically install a driver for that hardware from Windows Update and then launch an installer for Razer software. This gives the option to install the software in a self-chosen folder. It is then possible to open PowerShell from that folder, where PowerShell inherits the rights of the folder from which it was opened.
From there it is possible to do anything with those admin rights. The exploit requires physical access to a computer and the ability to plug in or emulate hardware from Razer. As a result, the scale on which this can be abused is limited.