Obtaining administrator privileges in Windows 10 usually requires authentication to confirm that you are indeed an administrator, usually in the form of a password. However, sometimes vulnerabilities bypass these measures and allow users to directly access administrator privileges.According to a story Beep computer, Razer has a bug in its software that allows you to gain administrator access to the Windows 10 operating system in a few simple steps.
When using Windows 10, a typical user will be restricted to making changes to the system without all the required permissions. To perform these tasks, you need system permissions, which is the protagonist of today’s show.Thanks security researcher Jonat, Who found a vulnerability in Razer’s Synapse software, there is a way to gain system permissions.
When you plug any Razer device into Windows 10 or Windows 11 PC, operating system download Razer’s Synapse software to adapt to the device and set a series of available functions on the Razer device, such as adjustable lighting, hot keys, etc. According to Razer, more than 100 million PCs worldwide use Synapse software.
When the Windows operating system itself calls and executes the RazerInstaller.exe file, it already uses system permissions to perform this operation. After starting the installation process, select the installation location of the software, you only need to select the folder option, enter the file explorer, and right-click the Shift key on the keyboard. There is an option “Open PowerShell window here” in the drop-down menu. You can select this option to open Windows PowerShell. If you type the “whoami” command that lists your user authority, it will output “nt authoritysystem”, which means you are accessing the console as an administrator, allowing you to execute any commands you wish to execute.
Need a local administrator and have physical access rights? -Insert the Razer mouse (or dongle)-Windows Update will be downloaded and executed as the system RazerInstaller- Abuse the elevated explorer to open Powershell with Shift+right click and try to contact @Razer, but there is no answer. So this is a freebie pic.twitter.com/xDkl87RCmzAugust 21, 2021
In the above tweet, you can see how it is done, and you may ask yourself if there are other similar exploits. If any software that automatically installs like this and can choose to open Windows PowerShell in File Explorer exists, it may also be vulnerable. The researcher subsequently stated on Twitter that Razer has contacted him and is repairing it as soon as possible, so every time there is an update, be sure to update your Razer Synapse software.