Device maker Razer will fix a bug that allows users to gain administrator rights on Windows 10 or Windows 11 by connecting Razer devices and clicking to access Powershell from the installer. A security researcher discovered it.
The reform should come “as soon as possible”, Security researcher John Hatt reports. He discovered the bug and when he didn’t get a response, he posted his findings publicly on Twitter and last weekend In a video. Now that it has been taken care of, Razer will do something with its determination.
Hat showed how the exploit works in a video. Connecting a Razer mouse or keyboard under Windows 10 or 11 causes Windows to automatically install a driver for that hardware from Windows Update and then run an installer for Razer. This gives the option to install the software in a folder of your choice. It is then possible to open Powershell from that folder, as Powershell is given rights to the folder it was opened from.
From there you can do everything with those admin rights. The exploitation requires physical access to a computer and the ability to connect or emulate hardware from Razer. As a result, the range in which it can be abused is limited.
“Professional web ninja. Certified gamer. Avid zombie geek. Hipster-friendly baconaholic.”