Privacy Ninja

Razer Bug Lets You Become a Windows 10 Admin By Plugging in a Mouse

A Razer Synapse zero-day vulnerability has been disclosed on Twitter, allowing you to gain Windows admin privileges simply by plugging in a Razer mouse or keyboard.

Razer is a very popular computer peripherals manufacturer known for its gaming mice and keyboards.

When a Razer device is plugged into Windows 10 or Windows 11, the operating system automatically downloads and begins installing the Razer Synapse software on the computer. Razer Synapse is software that allows users to configure their hardware devices, set up macros, or map buttons.

Razer claims that their Razer Synapse software is used by over 100 million users worldwide.

Security researcher jonhat discovered a zero-day vulnerability in the plug-and-play Razer Synapse installation that allows users to gain SYSTEM privileges on a Windows device quickly.

SYSTEM privileges are the highest user rights available in Windows and allow someone to perform any command on the operating system. Essentially, if a user gains SYSTEM privileges in Windows, they attain complete control over the system and can install whatever they want, including malware.

After not receiving a response from Razer, jonhat disclosed the zero-day vulnerability on Twitter yesterday and explained how the bug works with a short video.

Getting SYSTEM privileges by plugging in a mouse

As BleepingComputer has a Razer mouse available, we decided to test out the vulnerability and have confirmed that it took us about two minutes to gain SYSTEM privileges in Windows 10 after plugging in our mouse.

It should be noted that this is a local privilege escalation (LPE) vulnerability, which means that you need to have a Razer device and physical access to a computer. That said, the bug is easy to exploit: you just need to spend $20 on Amazon for a Razer mouse and plug it into Windows 10 to become an admin.

To test this bug, we created a temporary ‘Test’ user on one of our Windows 10 computers with standard, non-administrator privileges, as shown below.

Test user with no administrative rights in Windows 10

When we plugged the Razer device into Windows 10, the operating system automatically downloaded and installed the driver and the Razer Synapse software.

Since the RazerInstaller.exe executable was launched via a Windows process running with SYSTEM privileges, the Razer installation program also gained SYSTEM privileges, as shown below.

RazerInstaller.exe running with SYSTEM privileges

When the Razer Synapse software is installed, the setup wizard allows you to specify the folder where you wish to install it. The ability to select your installation folder is where everything goes wrong.

When you change the location of your folder, a ‘Choose a Folder’ dialog will appear. If you press Shift and right-click on the dialog, the context menu offers an ‘Open PowerShell window here’ option, which opens a PowerShell prompt in the folder shown in the dialog.

Razer Synapse installation prompt

As this PowerShell prompt is being launched by a process with SYSTEM privileges, the PowerShell prompt will also inherit those same privileges.

As you can see below, once we opened the PowerShell prompt and typed the ‘whoami’ command, it showed that the console has SYSTEM privileges allowing us to issue any command we want.

PowerShell prompt with SYSTEM privileges

As explained by Will Dormann, a Vulnerability Analyst at the CERT/CC, similar bugs are likely to be found in other software installed by the Windows plug-and-play process.
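A detection check for the behaviour described above, added here as an example (it is not code from the article, the researcher or Razer): it scans process-creation records shaped like Sysmon Event ID 1 and flags a command shell running as SYSTEM inside an interactive desktop session, whatever installer spawned it. The sample events, paths and host name are constructed, and treating session 0 as the non-interactive services session is the assumption the rule rests on.

```python
# Added example: flag shells that inherit SYSTEM from a GUI installer.
# Field names follow Sysmon Event ID 1 (process creation).
import ntpath

SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
SYSTEM_USER = "NT AUTHORITY\\SYSTEM"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed sample events; C:\ExamplePath and DESKTOP-EXAMPLE are placeholders.
EVENTS = [
    # Shell opened from the installer's folder dialog: SYSTEM, on the user's desktop.
    {"Image": PS, "ParentImage": r"C:\ExamplePath\RazerInstaller.exe",
     "User": SYSTEM_USER, "TerminalSessionId": 1},
    # Ordinary shell started by the standard user from Explorer.
    {"Image": PS, "ParentImage": r"C:\Windows\explorer.exe",
     "User": r"DESKTOP-EXAMPLE\Test", "TerminalSessionId": 1},
    # Background SYSTEM shell in session 0 (services); common and not interactive.
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\System32\svchost.exe",
     "User": SYSTEM_USER, "TerminalSessionId": 0},
    # The installer itself: SYSTEM on the desktop, but not a shell.
    {"Image": r"C:\ExamplePath\RazerInstaller.exe",
     "ParentImage": r"C:\ExamplePath\parent.exe",
     "User": SYSTEM_USER, "TerminalSessionId": 1},
]


def is_system_shell_on_desktop(event):
    """True when a command shell runs as SYSTEM outside session 0."""
    child = ntpath.basename(event["Image"]).lower()
    return (
        child in SHELLS
        and event["User"].upper() == SYSTEM_USER
        and int(event["TerminalSessionId"]) != 0
    )


def find_suspicious(events):
    """Return (parent, child) image names for every event the rule flags."""
    return [
        (ntpath.basename(e["ParentImage"]), ntpath.basename(e["Image"]))
        for e in events
        if is_system_shell_on_desktop(e)
    ]


if __name__ == "__main__":
    for parent, child in find_suspicious(EVENTS):
        print(f"ALERT: {child} running as SYSTEM on the desktop, parent {parent}")
```

Because the rule keys on the child process and session rather than on the installer name, it also covers other plug-and-play installers of the kind Dormann describes.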

A video demonstration of the Razer Synapse vulnerability has also been shared by jonhat: https://streamable.com/e/q2dsji

Razer to fix the vulnerability

After this zero-day vulnerability gained wide attention on Twitter, Razer has contacted the security researcher to let them know that they will be issuing a fix.

Razer also told the researcher that he would be receiving a bug bounty reward even though the vulnerability was publicly disclosed.
