Skip to main content
  1. Home
  2. Computing
  3. News

Razer mice could give hackers wide-open local access to your Windows PC

Add as a preferred source on Google

The security problems just keep coming for Windows. In the latest, a hacker has discovered that by simply using a Razer mouse, someone with bad intent who already has full physical access to your PC can run their own payloads and even abuse and enter the PowerShell command terminal.

A bit like the ongoing PrintNightmare vulnerability issue of injecting bad drivers via Point and Print, this new flaw has to deal with the way that Razer’s gaming software works. Once a Razer mouse is plugged into a PC, Windows Update downloads and runs a “Razer installer” as a system process. This installer then allows hackers to open an elevated version of Windows Explorer to choose where to install drivers, and they can simply then open PowerShell by pressing the Shift and the right-click buttons on the keyboard. You can see this in action below.

Recommended Videos

Need local admin and have physical access?
– Plug a Razer mouse (or the dongle)
– Windows Update will download and execute RazerInstaller as SYSTEM
– Abuse elevated Explorer to open Powershell with Shift+Right click

Tried contacting @Razer, but no answers. So here's a freebie pic.twitter.com/xDkl87RCmz

— ҉j҉o҉n҉h҉a҉t҉ (@j0nh4t) August 21, 2021

Pointing out another issue, the hacker who exposed this flaw said that if the installation process is completed and the files are saved to the desktop, a service binary is saved. This can also be hijacked for persistence and be executed before the user login on boot. Even more alarming is that a real Razer mouse is not needed, as a USB ID can be easily spoofed, according to MSPoweruser.

The hacker involved in this situation says they reached out to Razer and that a fix is coming to correct this issue as soon as possible. It’s highly likely that Microsoft is also involved in the fix. The drivers for Razer mice would be needed to be updated or removed from Windows Update so that it no longer provides system privileges once a mouse is plugged in.

Microsoft has been on top of its game when it comes to these security issues. After hackers raised concerns about issues with the Print Spooler in Windows, the company issued a patch just a few day later. Hackers and security researchers, however, keep digging deeper into Windows to expose more flaws.

The latest came just on August 12, when it was discovered that you don’t need administrative privileges in Windows in cases where you need to connect to a printer or a print server if that printer driver is installed locally.

Arif Bacchus
Arif Bacchus is a native New Yorker and a fan of all things technology. Arif works as a freelance writer at Digital Trends…
Apple’s M6 chip isn’t even here yet, but you’ll see M7 Macs early in 2027
Apple is reportedly already accelerating its next-generation silicon roadmap, even before the M6 has launched.
Apple MacBook

The M6 chip is still expected to debut later this year, but Apple may already be preparing for what comes next. According to Mark Gurman's latest report for Bloomberg, the company is aiming to introduce its first M7-powered devices as early as the first half of 2027, hinting at a much faster silicon refresh than many expected.

M7 could arrive alongside new Macs and iPads

Read more
The entry-level MacBook Pro could get a design refresh in 2027, and it’s about time
Five years on the same chassis, and now both tiers of the MacBook Pro are getting a new look at once.
MacBook Pro in space grey sitting on a desk.

Apple has a new MacBook Pro lined up for launch early next year, according to Bloomberg. The company will introduce a 14-inch laptop in the first half of 2027. 

The biggest surprise, however, will be a brand-new design language. The outlet describes it as "a revamped entry-level MacBook Pro, code-named K104."

Read more
Study finds humans will talk to AI ghosts of the dead as reincarnations, and it’s pretty grim
The first AI ghost study is in. The results are about as complicated as you'd expect.
VR Headset, Person, Face

A new study from the University of Colorado Boulder confirms something that sounds both impressive and concerning. People find interacting with AI simulations of their dead loved ones deeply meaningful, and most will come away wanting to do it again.

The researchers call it a "generative ghost," which is a clear reference to generative AI, but I’d still prefer to call it unsettling.

Read more