Researcher Releases ‘Razer’ Elevation of Privilege Exploit on Twitter

  • A researcher who found a zero-day LPE on ‘Razer Synapse’ has published it on Twitter.
  • The peripherals firm has acknowledged the problem and promised to release a fix ASAP.
  • For the attack to work, one would need a Razer device and access to the target machine.

A researcher has discovered a way to achieve elevation of privilege on Windows 10 through ‘Razer Synapse,’ the official hardware configuration tools for Razer devices such as mice or keyboards. The researcher says attempts to inform Razer of the problem have been made since April 2021, but they failed to provide any answers, so the public disclosure came through the tweet below.

The proof of concept clip shown below demonstrates how trivial it is to exploit the vulnerability and execute code as SYSTEM (local admin). The prerequisite is to have local access to the target machine.

Since this is working on the latest available version of Razer Synapse, used by over 100 million people, this vulnerability has a widespread impact. If you are using a product from Razer on Windows 10, be careful with who is allowed to access your system until a fixing patch is out.

Speaking of which, after the matter went public, it did eventually won Razer’s attention, and they promised to get a fix out as soon as possible. The firm has even thanked the researcher and offered him a bounty for his finding, even though he strayed for the path of proper disclosure.

The problem appears to be that the Razer Synapse tool can be installed anywhere on the system and not on a fixed location, so an attacker could click on the “Choose a Folder” option during the installation process and then open a PowerShell prompt on the selection window with “Shift+rmb.”

Because the installer is running with SYSTEM privileges, the PowerShell opened through it will allow the actor to run any command with administrative rights. The possible implications of this are dire, as admin rights mean the ability to plant malware, alter system settings, delete or add users, access and modify files, disable the anti-virus or firewall, and more.

The issue with drivers running on SYSTEM and attackers enjoying a multitude of ways to exploit it has been well documented on multiple occasions - and it is always a case of a combination of promoting ease of use to security while missing an obvious path to exploitation. On this occasion, the logic flaw that exists on the Razer Synapse tool may very likely be available on numerous other accompanying software that installs drivers or loads software upon the connection of a device.

REVIEW OVERVIEW

Latest

Why Is Demon Slayer So Popular?

In August 2019, the world suddenly started talking about an anime series that had just released its nineteenth episode. Fast forward to...

F1 Live Stream 2022: How to Watch Formula 1 Without Cable

There's not much time until the 2022 Formula 1 World Championship gets underway - the first race is scheduled for late March,...

Disney+ Announces Basketball Series Inspired By Award-Winning Book The Crossover

Disney Plus announced a new basketball-themed drama series that is set to land on the streaming platform, drawing inspiration from the critically...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari