Razer mice could give hackers wide-open local access to your Windows PC

The security problems just keep coming for Windows. In the latest, a hacker has discovered that by simply plugging in a Razer mouse, someone with bad intent who already has full physical access to your PC can run their own payloads and even open and abuse the PowerShell command terminal.

A bit like the ongoing PrintNightmare vulnerability, which involves injecting bad drivers via Point and Print, this new flaw has to do with the way that Razer's gaming software works. Once a Razer mouse is plugged into a PC, Windows Update downloads and runs a "Razer installer" as a system process. This installer then allows hackers to open an elevated version of Windows Explorer to choose where to install drivers, and they can then simply open PowerShell by holding Shift on the keyboard and right-clicking. You can see this in action below.

Need local admin and have physical access?
– Plug a Razer mouse (or the dongle)
– Windows Update will download and execute RazerInstaller as SYSTEM
– Abuse elevated Explorer to open Powershell with Shift+Right click

Tried contacting @Razer, but no answers. So here's a freebie

— jonhat (@j0nh4t) August 21, 2021

Pointing out another issue, the hacker who exposed this flaw said that if the installation process is completed and the files are saved to the desktop, a service binary is saved as well. This binary can also be hijacked for persistence and executed before user login at boot. Even more alarming is that a real Razer mouse is not needed, as a USB ID can be easily spoofed, according to MSPoweruser.
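
As an added example (not from the article, Razer, or the researcher), here is one way a defender could hunt for the chain described above in process-creation telemetry: a command shell running as SYSTEM whose ancestor is an installer process. The event fields, the installer-name heuristic, and the sample events (including the `C:\ExamplePath` location) are constructed assumptions.

```python
import ntpath  # parses Windows paths correctly on any OS

SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
SYSTEM_USER = "nt authority\\system"
INSTALLER_HINTS = ("install", "setup")  # assumption: simple name heuristic

# Constructed process-creation events (fields loosely modelled on common
# endpoint telemetry); none of these come from a real host.
SYS = "NT AUTHORITY\\SYSTEM"
SAMPLE_EVENTS = [
    {"pid": 1200, "ppid": 700, "user": SYS, "image": r"C:\Windows\System32\svchost.exe"},
    {"pid": 4100, "ppid": 1200, "user": SYS, "image": r"C:\ExamplePath\RazerInstaller.exe"},
    {"pid": 5200, "ppid": 4100, "user": SYS, "image": r"C:\Windows\System32\powershell.exe"},
    {"pid": 7000, "ppid": 1200, "user": SYS, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 3000, "ppid": 2900, "user": r"DESKTOP\alice", "image": r"C:\Windows\explorer.exe"},
    {"pid": 6000, "ppid": 3000, "user": r"DESKTOP\alice", "image": r"C:\Windows\System32\powershell.exe"},
]

def name(event):
    """Lower-cased executable name of an event's image path."""
    return ntpath.basename(event["image"]).lower()

def installer_ancestor(event, by_pid):
    """Walk parent links; return the first installer-like ancestor image, else None."""
    seen = set()  # guards against loops caused by PID reuse in real logs
    parent = by_pid.get(event["ppid"])
    while parent and parent["pid"] not in seen:
        seen.add(parent["pid"])
        if any(hint in name(parent) for hint in INSTALLER_HINTS):
            return parent["image"]
        parent = by_pid.get(parent["ppid"])
    return None

def find_system_shells_under_installers(events):
    """Return (pid, shell, installer_image) for SYSTEM shells spawned under an installer."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if name(e) in SHELLS and e["user"].lower() == SYSTEM_USER:
            ancestor = installer_ancestor(e, by_pid)
            if ancestor:
                findings.append((e["pid"], name(e), ancestor))
    return findings

if __name__ == "__main__":
    for pid, shell, installer in find_system_shells_under_installers(SAMPLE_EVENTS):
        print(f"ALERT pid={pid}: {shell} running as SYSTEM under {installer}")
```

The SYSTEM `cmd.exe` under `svchost.exe` and the user-level PowerShell are deliberately not flagged, since neither has an installer in its ancestry.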

The hacker involved in this situation says they reached out to Razer and that a fix is coming to correct this issue as soon as possible. It's highly likely that Microsoft is also involved in the fix. The drivers for Razer mice would need to be updated or removed from Windows Update so that plugging in a mouse no longer provides system privileges.

Microsoft has been on top of its game when it comes to these security issues. After hackers raised concerns about issues with the Print Spooler in Windows, the company issued a patch just a few days later. Hackers and security researchers, however, keep digging deeper into Windows to expose more flaws.

The latest came just on August 12, when it was discovered that you don’t need administrative privileges in Windows in cases where you need to connect to a printer or a print server if that printer driver is installed locally.

Arif Bacchus