viralamo

Menu
  • Technology
  • Science
  • Money
  • Culturs
  • Trending
  • Video

Subscribe To Our Website To Receive The Last Stories

Join Us Now For Free
Home
Technology
Need to get root on a Windows box? Plug in a Razer gaming mouse
Technology

Need to get root on a Windows box? Plug in a Razer gaming mouse

26/08/2021

Need to get root on a Windows box? Plug in a Razer gaming mouse

Razer

This weekend, security researcher jonhat disclosed a long-standing security bug in the Synapse software associated with Razer gaming mice. During software installation, the wizard produces a clickable link to the location where the software will be installed. Clicking that link opens a File Explorer window to the proposed location—but that File Explorer spawns with SYSTEM process ID, not with the user’s.

Have mouse, will root

  • The “Install Location” at the lower right is a clickable link that opens a File Explorer window to browse for non-standard locations.

  • Right-clicking the File Explorer window and selecting “open powershell here” or “open command prompt here” gets you a shell.

  • And what privileges does that shell have? The same as the File Explorer Window, inherited from the installer dialog itself.

  • We can see that the Razer installer was downloaded automatically by Windows Update when the mouse was plugged in.

By itself, this vulnerability in Razer Synapse sounds like a minor issue—after all, in order to launch a software installer with SYSTEM privileges, a user would normally need to have Administrator privileges themselves. Unfortunately, Synapse is a part of the Windows Catalog—which means that an unprivileged user can just plug in a Razer mouse, and Windows Update will cheerfully download and run the exploitable installer automatically.

Advertisement

Jonhat isn’t the only—or even the first—researcher to discover and publicly disclose this bug. Lee Christensen publicly disclosed the same bug in July, and according to security researcher _MG_, who demonstrated it using an OMG cable to mimic the PCI Device ID of a Razer mouse and exploit the same vulnerability, researchers have been reporting it fruitlessly for more than a year.

Vulnerability fixes coming soon to a Windows Catalog near you

Happily, Razer seems to have finally gotten the memo—jonhat reported that the company reached out to him shortly after his August 21 public disclosure to assure him that its security team is “working on a fix ASAP,” and the company even offered him a bounty despite the public disclosure.

Once Razer itself has patched the vulnerability, the next step will be pushing it to Microsoft for inclusion in Windows Catalog—where it will need to replace the current and vulnerable Razer HIDClass driver that Windows Update automatically downloads and runs whenever a Razer mouse is plugged into the system. (The vulnerable version in the Windows Catalog as of publishing time is 6.2.9200.16495, dated January 2017.)

Source link

Share
Tweet
Pinterest
Linkedin
Stumble
Google+
Email
Prev Article
Next Article

Related Articles

Can the Department of Justice teach Google how to share?
After a year-long investigation into Google’s dominance in search and …

Can the Department of Justice teach Google how to share?

Tribeca Film Festival goes digital April 17 — with VR
If you’ve ever dreamed of attending a prestigious film festival, …

The best VR movies from Tribeca’s Short Film Festival for Oculus Quest and Go

Leave a Reply Cancel reply

Find us on Facebook

Related Posts

  • Fast & Furious: Crossroads lives video games a quarter-mile at a time
    With the development of generalized AI, what’s …
    16/02/2020
  • Pandemic hasn’t crushed broadband networks—even rural areas are doing OK
    Pandemic hasn’t crushed broadband networks—even rural areas …
    08/04/2020
  • Facebook CTO says hiring matters for mitigating AI bias, but the company lacks AI research diversity stats
    Facebook CTO says hiring matters for mitigating …
    16/06/2020
  • ProBeat: Why Google is really calling for AI regulation
    Google researchers use multiple cameras to reduce …
    25/02/2020
  • PlayStation 5 gets Godfall looter-slasher from Gearbox Publishing
    Our.News fights misinformation with a ‘nutrition label’ …
    09/02/2020

Popular Posts

  • 10 Unusual Tombs from Around the World …
    26/06/2022 0
  • 10 Eerie Real-Life Paranormal Encounters to Creep …
    29/05/2022 0
  • The mystery of China’s sudden warnings about US hackers
    The mystery of China’s sudden warnings about …
    29/05/2022 0
  • 10 Huge Problems Animals Should Have But …
    30/05/2022 0
  • 10 U.S. Towns with Terrifying Local Legends …
    30/05/2022 0

viralamo

Pages

  • Contact Us
  • Privacy Policy
Copyright © 2022 viralamo
Theme by MyThemeShop.com

Ad Blocker Detected

Our website is made possible by displaying online advertisements to our visitors. Please consider supporting us by disabling your ad blocker.

Refresh