Skip to main content
  1. Home
  2. Computing

Razer mice could give hackers wide-open local access to your Windows PC

By

The security problems just keep coming for Windows. In the latest, a hacker has discovered that by simply using a Razer mouse, someone with bad intent who already has full physical access to your PC can run their own payloads and even abuse and enter the PowerShell command terminal.

A bit like the ongoing PrintNightmare vulnerability issue of injecting bad drivers via Point and Print, this new flaw has to deal with the way that Razer’s gaming software works. Once a Razer mouse is plugged into a PC, Windows Update downloads and runs a “Razer installer” as a system process. This installer then allows hackers to open an elevated version of Windows Explorer to choose where to install drivers, and they can simply then open PowerShell by pressing the Shift and the right-click buttons on the keyboard. You can see this in action below.

Recommended Videos

Need local admin and have physical access?
– Plug a Razer mouse (or the dongle)
– Windows Update will download and execute RazerInstaller as SYSTEM
– Abuse elevated Explorer to open Powershell with Shift+Right click

Tried contacting @Razer, but no answers. So here's a freebie pic.twitter.com/xDkl87RCmz

— ҉j҉o҉n҉h҉a҉t҉ (@j0nh4t) August 21, 2021

Related

Pointing out another issue, the hacker who exposed this flaw said that if the installation process is completed and the files are saved to the desktop, a service binary is saved. This can also be hijacked for persistence and be executed before the user login on boot. Even more alarming is that a real Razer mouse is not needed, as a USB ID can be easily spoofed, according to MSPoweruser.

The hacker involved in this situation says they reached out to Razer and that a fix is coming to correct this issue as soon as possible. It’s highly likely that Microsoft is also involved in the fix. The drivers for Razer mice would be needed to be updated or removed from Windows Update so that it no longer provides system privileges once a mouse is plugged in.

Microsoft has been on top of its game when it comes to these security issues. After hackers raised concerns about issues with the Print Spooler in Windows, the company issued a patch just a few day later. Hackers and security researchers, however, keep digging deeper into Windows to expose more flaws.

The latest came just on August 12, when it was discovered that you don’t need administrative privileges in Windows in cases where you need to connect to a printer or a print server if that printer driver is installed locally.

Editors’ Recommendations

Topics
Arif Bacchus
Arif Bacchus
Former Digital Trends Contributor
Arif Bacchus is a native New Yorker and a fan of all things technology. Arif works as a freelance writer at Digital Trends…
Use Office? Your PC could be at risk due to this Microsoft change
Computer user touching on Microsoft Word icon to open the program.

If you're using Microsoft Office on your Windows PC, then you might want to keep your eye out for potential new security issues.

Microsoft has just backtracked on a decision it made earlier in 2022, and will no longer be blocking Visual Basic for Applications (VBA) macros in Office files by default across Word, PowerPoint, Excel, Access, and Visio.

Read more
Beware this fake Windows 11 installer that may harm your PC
Person sitting and using a Windows Surface computer with Windows 11.

If you're looking to download or upgrade to Windows 11 and go to a search engine to find the files to do so, you might want to be very careful. According to recent reports, hackers are currently leveraging a new campaign where you might end up downloading a fake Windows 11 updater, that could leave your system infected with malware.

This new campaign specifically targets people who go to search engines looking to download Windows if their devices don't meet minimum specs. It sends these unsuspecting users to an official-looking, but fake, Microsoft website with a Windows 11 "Download Now" button. The website has official Microsoft logos, favorite icons, and even official Windows 11 imagery. As of this writing, the website is no longer available, but Bleeping Computer provided the screenshot below before the problematic website was pulled.

Read more
Have an unsupported PC? Windows 11 has a message for you
Laptop screen featuring a Windows update screen.

If you're running Windows 11 on an unsupported PC, then you might want to keep your eyes open for a new warning in the future. That's because Microsoft is internally testing a new message in the Windows 11 Settings app to alert you that your system doesn't meet the minimum requirements for the new operating system.

Twitter user and Windows leaker @thebookisclosed was the first to note this, but the good news is that it doesn't look as though the messages might get in the way as much as the "Windows isn't activated" warning and watermark might. Per the Twitter user, Microsoft's latest preview builds just has an alert in the Windows 11 Settings app as a small "hero" to indicate when system requirements are not met.

Read more