
Hackers Can Get Admin Rights via Razer Drivers: Windows 10 Bug Exposed

With the help of a Razer mouse, hackers are reportedly able at present to gain administrative access to the Windows 10 operating system. A local privilege escalation (LPE) vulnerability in the driver installation provides access to the command prompt with system rights.

As the resourceful hacker “jonhat” reports via Twitter, he has found a security hole in the driver installation on Windows 10 that makes it possible to open PowerShell with administrator rights during the installation. The vulnerability is triggered by the Windows Update function, which downloads and installs the “RazerInstaller” when a Razer gaming mouse is connected. Windows Explorer can in turn be used during the installation not only to select the desired directory but also to start the command prompt (CMD) as “SYSTEM”.

Simple trigger for hackers, low risk for private users

The weak point in this case is a local privilege escalation (LPE), which can only be exploited locally. The security gap cannot be exploited via remote access to the Windows 10 PC and is therefore classified as only a low risk for private users. As a trigger, it is sufficient to connect a Razer mouse or one of the company's wireless dongles to a USB port, which initiates the download of the “RazerInstaller”. The installation is also restarted as soon as the accessory is connected to a new USB port, so the process can be repeated several times.

The LPE vulnerability is particularly problematic because a Razer mouse is theoretically not necessary for a potential attack, as the hardware ID can be simulated accordingly (keyword: spoofing). Attackers therefore do not need to buy comparatively expensive gaming accessories. Detailed statements and reactions from Razer and Microsoft have so far failed to materialize. “jonhat” confirms, however, that the accessory manufacturer has already addressed the problem. It remains to be seen whether, when, and how the gap will be closed.
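
On the defensive side, the behaviour described above (a command shell running as SYSTEM that descends from the installer process) can be searched for in process-creation logs. The following is an added example, not code from the article, Razer or Microsoft; it assumes Sysmon Event ID 1 field names, an installer image name that begins with "RazerInstaller", the English form of the SYSTEM account name, and constructed sample events.

```python
import ntpath

# Assumptions (not from the article): Sysmon Event ID 1 field names, an image
# name starting with "RazerInstaller", English-locale SYSTEM account name.
INSTALLER_PREFIX = "razerinstaller"
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
SYSTEM_USER = r"nt authority\system"

def image_name(event):
    """Lower-cased file name of the process image (Windows path rules)."""
    return ntpath.basename(event["Image"]).lower()

def find_system_shells(events):
    """Return shell events that run as SYSTEM and descend from the installer."""
    by_guid = {e["ProcessGuid"]: e for e in events}
    hits = []
    for e in events:
        if image_name(e) not in SHELLS or e["User"].lower() != SYSTEM_USER:
            continue
        # Walk the parent chain: a shell started from an already flagged
        # shell is a grandchild of the installer and must be caught as well.
        seen = set()
        parent = by_guid.get(e["ParentProcessGuid"])
        while parent and parent["ProcessGuid"] not in seen:
            if image_name(parent).startswith(INSTALLER_PREFIX):
                hits.append(e)
                break
            seen.add(parent["ProcessGuid"])
            parent = by_guid.get(parent["ParentProcessGuid"])
    return hits

def ev(guid, parent, image, user):
    return {"ProcessGuid": guid, "ParentProcessGuid": parent,
            "Image": image, "User": user}

# Constructed sample events (paths, GUIDs and user names are made up).
SYS, USER = r"NT AUTHORITY\SYSTEM", r"DESKTOP\alice"
SAMPLE_EVENTS = [
    ev("g1", "g0", r"C:\Windows\System32\svchost.exe", SYS),
    ev("g2", "g1", r"C:\Example\RazerInstaller.exe", SYS),
    ev("g3", "g2", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", SYS),
    ev("g4", "g3", r"C:\Windows\System32\cmd.exe", SYS),
    ev("g5", "g0", r"C:\Windows\explorer.exe", USER),
    ev("g6", "g5", r"C:\Windows\System32\cmd.exe", USER),
    ev("g7", "g1", r"C:\Windows\System32\cmd.exe", SYS),
]

if __name__ == "__main__":
    for hit in find_system_shells(SAMPLE_EVENTS):
        print("SYSTEM shell below installer:", hit["ProcessGuid"], hit["Image"])
```

Because the check keys on the installer process rather than on the attached device, it behaves the same whether the hardware is genuine or its ID is spoofed.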