A zero-day vulnerability in Razer Synapse could allow threat actors to gain Windows admin privileges by plugging in a Razer mouse or keyboard.
Razer is a popular computer accessories manufacturer that designs, develops, and sells consumer electronics, financial services, and gaming hardware, including gaming mouse and keyboards.
A local privilege escalation (LPE) zero-day flaw in Razer Synapse allows attackers to gain SYSTEM privileges on Windows systems by plugging in a Razer mouse or keyboard.
When a Razer device is plugged into Windows 10 or Windows 11, the operating system will automatically download and install the Razer Synapse driver and the Razer Synapse software on the computer that allows configuring the devices.
The flaw was discovered by the security researcher jonhat who has disclosed it via Twitter.
After getting SYSTEM privileges in Windows, the attackers can take over the system completely.
The researcher decided to publicly disclose the issue as he did not receive a response from Razer. He also published a video PoC of the attack:
The Razer Synapse software setup wizard allows users to select the folder where they wish to install it. If the attacker clicks on a ‘Choose a Folder’ dialog and then press on Shift and right-click on the dialog he will be prompted to open ‘Open PowerShell window here,’ which allows to open a PowerShell prompt in the folder shown in the dialog.
The PowerShell prompt is launched by a process with SYSTEM privileges, so he gets the SYSTEM privileges too.
When the issue was disclosed, Razer told the researcher that they are working on a fix to address the flaw. Razer also promised to give the researcher a bug bounty reward.