Razer Bug Grants Windows 10 Admin Privileges by Plugging In a Razer Keyboard or Mouse

Table of Contents Hide

Recent Developments

Just recently, it was discovered that a bug in Microsoft’s Windows 10 operating system grants Windows 10 users with administrator privileges–if they are sitting at a Windows 10 computer with a Razer keyboard or mouse plugged into the system. This essentially means that anyone with a Razer mouse or keyboard can switch into the administrator mode on the Windows 10 computer, giving them full access to the operating system.

As any owner of a Razer keyboard or mouse can attest, the Razer Bug is more than a handy way to charge your Razer gaming device. The Razer Bug allows you to remotely log into Windows without a password by just connecting both of your Razer peripherals via USB to your computer.

Tech That Has Transformed Online Gambling

November 15, 2024

Black Ops 6: Shaking Up the CDL Scene

November 7, 2024

Have you ever tried to type your Linux password into a Windows machine, only to realize that the keyboard or mouse you’re using is a different kind of device? The Razer Bug, a new device driver for the Razer Turret gaming mouse, and the Razer Diamondback keyboard, allows a user to connect those two devices—and it turns out they have some serious consequences when it comes to Window Administrator privileges.

Image courtesy of Razer

A zero-day vulnerability discovered by security researcher jonhat grants admin access to Windows 10 users simply by connecting in a Razer mouse or keyboard. When the peripheral is connected, Razer Synapse Software initiates an auto-install procedure, which makes the exploit accessible. PowerShell may be opened with admin privileges, which are the maximum that a user can have in the OS.

This attack needs local access to a computer, yet it has the potential to impact up to 100 million individuals. Jon contacted Razer about the issue but received no response, which is why he made a video about it. After that, Razer called him and stated its security team will look into it, as well as offering him a reward for discovering it.

Another researcher believes that similar vulnerabilities will be found as a result of the way Windows plug-and-play works and how most users rush through the installation procedure. Because the PnP functionality has been available in Windows since version 95, this vulnerability may have been shared by many other systems.

Do you need local administration and physical access? – Connect a Razer mouse (or the dongle) – Windows Update will download RazerInstaller and run it as SYSTEM. – Use Shift+Right click to launch Powershell in elevated Explorer.

I attempted to contact @Razer, but received no response. So here’s a picture that you may use for free. twitter.com/xDkl87RCmz

August 21, 2021 — jonhat (@j0nh4t)

I’d like to inform you that @Razer has contacted me and assured me that their security team is working on a patch as soon as possible.

Even though I was publicly reporting this problem, their response was professional, and I was even given a reward.

August 22, 2021 — jonhat (@j0nh4t)

SYSTEM privileges are the highest level of user rights in Windows, allowing anybody to run any command on the system. In Windows, gaining SYSTEM rights gives a user full access over the system, allowing them to install whatever they want, even viruses.

Bleeping Computer is the source of this information.