It seems a main security flaw in Windows 10 has been found, and triggering it can be so simple as plugging in a Razer device.
As MSPoweruser stories, a ‘white hat’ hacker, jonhat, has found that if you plug in a Razer mouse into a new system, Windows Update will {download} and run the RazerInstaller program, which installs the Razer drivers, as SYSTEM. Basically, this grants the person the very best degree of permission in Windows 10, permitting somebody to entry and alter crucial recordsdata and settings in the working system.
While it seems that the software program is simply supposed to make use of SYSTEM privileges briefly for putting in the drivers, jonhat discovered that through the course of, you can change the set up location of the drivers.
This opens up a Windows Explorer window, after which by holding down Shift on the keyboard and right-clicking in the window, you can open up the Powershell terminal with SYSTEM privileges. This permits a person to do nearly something in your PC – a scary prospect if a malicious person makes use of this methodology.
Need native admin and have bodily entry?- Plug a Razer mouse (or the dongle)- Windows Update will {download} and execute RazerInstaller as SYSTEM- Abuse elevated Explorer to open Powershell with Shift+Right clickTried contacting @Razer, however no solutions. So this is a freebie pic.twitter.com/xDkl87RCmzAugust 21, 2021
How anxious do you have to be?
This all sounds moderately worrying, however how a lot hazard does it put you in? For many individuals the risk isn’t quick. A malicious person would wish bodily entry to your PC to plug in a Razer device (or spoof its USB ID, fooling the PC into pondering any USB device is a Razer one), and run the Razer installer.
If your PC is a desktop device in your private home, and solely you've entry to it, then the danger is fairly low. Of course, for those who use a laptop computer that can be stolen, the risk is extra extreme, however once more you’d be unlikely to fall sufferer to it.
We contacted Razer, and the excellent news is that the corporate is conscious of the problem and is working to repair it. A Razer spokesperson informed us that “We had been made conscious of a scenario in which our software program, in a very particular use case, gives a person with broader entry to their machine through the set up course of.
"We have investigated the issue, are currently making changes to the installation application to limit this use case, and will release an updated version shortly.”
This is the outcome that jonhat wanted. ‘White hat’ hackers are people that use their hacking expertise for good, finding security flaws in software and alerting the developers so that they can be fixed.
Of course, making the flaw public brings a certain amount of risk that malicious hackers will learn how to use the security issue, but jonhat claimed that they had tried to contact Razer, but initially got no reply.
By publicly announcing the flaw, it seems that it brought the attention to Razer, and jonhat later announced that the company had been in touch with him and assured him that they were working on a fix. In a rather nice ending to this tale, Razer also offered jonhat a bounty (reward) for finding the flaw, despite him publicly disclosing the issue.
I would like to update that I have been reached out by @Razer and ensured that their security team is working on a fix ASAP.Their manner of communication has been professional and I have even been offered a bounty even though publicly disclosing this issue.August 22, 2021
Analysis: who’s to blame?
So, with Razer looking into the issue, should we all breathe a sigh of relief? Perhaps not, as like the PrintNightmare security issues in Windows 10 earlier this year, it shows that Microsoft’s operating system still has major problems with how it handles third party drivers, and how it still suffers from security issues.
This paints a more worrying picture for Windows 10 – as if this security issue has been found, how many more similar ones are out there? This security flaw may specifically use Razer software, but at the end of the day, it’s Microsoft’s duty to ensure that its operating systems can’t be compromised like this. The fundamental roots of this flaw, then, lie with how Windows 10 handles third party drivers.
For Razer’s part, it has at least now acknowledged the problem and is working on a fix. We’re pleased to see it offering a bounty to jonhat as well. As the Razer spokesperson told us, “We are committed to ensuring the digital safety and security of all our systems and services, and should you come across any potential lapses, we encourage you to report them through our bug bounty service, Inspectiv.”
Source {link}