Author Topic: Need Root? Plug in a Razer Mouse!  (Read 146 times)

Offline splerdu

  • Veterans
  • Member
  • ***
  • Posts: 8367
Need Root? Plug in a Razer Mouse!
« on: August 27, 2021, 06:35:39 AM »
https://arstechnica.com/information-technology/2021/08/need-to-get-root-on-a-windows-box-plug-in-a-razer-gaming-mouse/

Quote
This weekend, security researcher jonhat disclosed a long-standing security bug in the Synapse software associated with Razer gaming mice. During software installation, the wizard produces a clickable link to the location where the software will be installed. Clicking that link opens a File Explorer window to the proposed locationóbut that File Explorer spawns with SYSTEM process ID, not with the user's.



fhtagn

Offline barurutor

  • Moderators
  • Member
  • *
  • Posts: 3590
  • The Truth Shall Make Ye Fret.
Re: Need Root? Plug in a Razer Mouse!
« Reply #1 on: August 27, 2021, 09:38:02 AM »
interesting, i suppose it could be useful if you have enough privileges to run the installer but nothing more privileged than that.
<insert witty saying or hobby specs here>

Offline splerdu

  • Veterans
  • Member
  • ***
  • Posts: 8367
Re: Need Root? Plug in a Razer Mouse!
« Reply #2 on: August 27, 2021, 02:14:18 PM »
^ The article says that you can be an unpriviledged user and the installer will still run because it's part of Windows Catalog.

I'm gonna need to try it on something more locked down, but my understanding is that it's Windows that's running the installer (hence the system-level privileges) and not the logged-in user.

Interestingly this also bypasses the "Do Not Include Drivers With Windows Update" policy in Group Policy. I'm pretty sure I have that enabled and the Synapse installer still opens when I plug in a Razer mouse.

Quote
Unfortunately, Synapse is a part of the Windows Catalogówhich means that an unprivileged user can just plug in a Razer mouse, and Windows Update will cheerfully download and run the exploitable installer automatically.
fhtagn