Security researcher Jonhat shared a tweet exposing a zero-day vulnerability in the Razer Synapse installation software. Plugging in a Razer mouse or its USB dongle is enough to obtain Windows admin privileges.
In the computer peripherals industry, Razer is known for its gaming mice and keyboards. Its installation software, called Synapse, is downloaded automatically when a new device is plugged in for the first time. Because Windows runs the installer with elevated privileges, the Explorer dialog the installer opens is elevated too, and the exploit abuses that dialog to open PowerShell and get admin access.
Put simply, anyone who gets admin access to Windows gets complete control of the operating system: they can install any software or hardware, and they can cause huge damage by installing malware.
The security researcher reached out to Razer to share the vulnerability but did not receive any response. He then disclosed the zero-day vulnerability on Twitter, explaining how the bug works.
Need local admin and have physical access?
– Plug a Razer mouse (or the dongle)
– Windows Update will download and execute RazerInstaller as SYSTEM
– Abuse elevated Explorer to open Powershell with Shift+Right click
Tried contacting @Razer, but no answers. So here’s a freebie pic.twitter.com/xDkl87RCmz
— jonhat (@j0nh4t) August 21, 2021
Once the exploit began to be widely discussed and retweeted, Razer took notice and reached out to Jonhat. In an update, the researcher shared that Razer had contacted him and assured him that the company was working on a fix as a high priority. He was also offered a bounty even though the bug had been publicly disclosed.
I would like to update that I have been reached out by @Razer and ensured that their security team is working on a fix ASAP.
Their manner of communication has been professional and I have even been offered a bounty even though publicly disclosing this issue.
— jonhat (@j0nh4t) August 22, 2021
What is PowerShell?
PowerShell is a task automation and configuration management framework from Microsoft, consisting of a command-line shell and the associated scripting language. In this attack the shell is opened from the installer's elevated Explorer dialog, so it starts with admin privileges, and every process launched from it gets admin access as well.
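A detection-side view of the chain described above, as an added example that is not from the original article, the researcher or Razer: it walks parent-process links in process-creation events and flags a shell running as SYSTEM that descends from RazerInstaller. The events are constructed, and the field names, PIDs, paths and account names are assumptions made for the example.

```python
import ntpath

SYSTEM = r"NT AUTHORITY\SYSTEM"
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
INSTALLERS = {"razerinstaller.exe"}  # installer name taken from the tweet

# Constructed process-creation events; the field names are assumptions
# loosely modelled on what an EDR or Sysmon-style log provides.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EVENTS = [
    {"pid": 600,  "ppid": 4,    "user": SYSTEM, "image": r"C:\Windows\System32\svchost.exe"},
    {"pid": 4120, "ppid": 600,  "user": SYSTEM, "image": r"C:\Example\RazerInstaller.exe"},
    {"pid": 5208, "ppid": 4120, "user": SYSTEM, "image": PS},
    {"pid": 5310, "ppid": 5208, "user": SYSTEM, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 3000, "ppid": 2900, "user": r"DESKTOP\alice", "image": r"C:\Windows\explorer.exe"},
    {"pid": 3100, "ppid": 3000, "user": r"DESKTOP\alice", "image": PS},
    {"pid": 7000, "ppid": 600,  "user": SYSTEM, "image": r"C:\Windows\System32\cmd.exe"},
]


def name(event):
    """Lower-cased executable name of a process event."""
    return ntpath.basename(event["image"]).lower()


def find_installer_shells(events):
    """Return SYSTEM shells that have a device installer among their ancestors."""
    by_pid = {e["pid"]: e for e in events}  # assumes no PID reuse in the window
    alerts = []
    for e in events:
        if e["user"].upper() != SYSTEM or name(e) not in SHELLS:
            continue
        chain, seen, cur = [name(e)], {e["pid"]}, by_pid.get(e["ppid"])
        while cur and cur["pid"] not in seen:  # 'seen' guards against loops
            seen.add(cur["pid"])
            chain.append(name(cur))
            if name(cur) in INSTALLERS:
                alerts.append({"pid": e["pid"], "chain": " <- ".join(chain)})
                break
            cur = by_pid.get(cur["ppid"])
    return alerts


if __name__ == "__main__":
    for alert in find_installer_shells(EVENTS):
        print(alert["pid"], alert["chain"])
```

The user-level PowerShell started from Explorer and the SYSTEM cmd.exe started by svchost are not flagged, because neither has the installer in its ancestry.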
The Windows Vulnerability
A spate of critical vulnerabilities has been reported in Windows, the most recent being the Print Spooler bug (CVE-2021-36958). Microsoft released security patches addressing 44 CVEs in the month of August alone.