Not all users are equal in Windows. Without administrator access, you can use the computer, but you aren’t allowed to install certain apps or run certain commands, and you’re generally blocked from full control of the machine. But right now, you can grant yourself SYSTEM privileges on any Windows 10 machine simply by plugging in a Razer keyboard or mouse. That seems… bad.
Usually, different “user rights” are a good thing for Windows. They protect your system from people who would abuse those privileges, whether nefariously or not. When you have admin — or SYSTEM — privileges, you are in total control of Windows, so it can be dangerous to give that power to just anyone.
The idea that plugging in the right mouse could give you total control over a computer sounds more unrealistic than a TV hacker, but it’s true. When you plug in one of these Razer peripherals, Windows will automatically download Razer Synapse, the software that controls certain settings for your mouse or keyboard. That Razer software runs with SYSTEM privileges, since it launches from a Windows process with SYSTEM privileges.
But that’s not where the vulnerability comes into play. Once you install the software, Windows’ setup wizard asks which folder you’d like to save it to. When you choose a new location for the folder, you’ll see a “Choose a Folder” prompt. Hold Shift and right-click in that prompt, and you can choose “Open PowerShell window here,” which will open a new PowerShell window.
Because this PowerShell window was launched from a process with SYSTEM privileges, the PowerShell window itself now has SYSTEM privileges. In effect, you’ve turned yourself into an admin on the machine, able to perform any command you can think of in the PowerShell window.
Need local admin and have physical access?
– Plug a Razer mouse (or the dongle)
– Windows Update will download and execute RazerInstaller as SYSTEM
– Abuse elevated Explorer to open Powershell with Shift+Right click
— jonhat (@j0nh4t) August 21, 2021
This vulnerability was first brought to light on Twitter by user jonhat, who tried contacting Razer about it first, to no avail. Razer did eventually follow up, confirming a patch is in the works. Until that patch is available, however, the company is inadvertently selling tools that make it easy to hack millions of computers.
How to protect your computer from Razer’s vulnerability
While the best fix is to wait for Razer to patch this bug on their end, we don’t know how long that’ll take. If you want to protect your computer from the machinations of Razer peripheral-wielding potential hackers right now, consider disabling your computer’s USB ports.
There are various (and complicated) ways to do this, but the easiest place to start is via Device Manager. Right-click on “This PC,” then click “Manage.” Click “Device Manager,” then click the arrow next to Universal Serial Bus controllers. Here you will find all of your computer’s USB controllers. You can right-click on these items and choose “Disable” to disable them.
When you’re ready to reenable your USB ports, you can follow these same instructions and choose “Enable” instead.
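The chain described above ends with a PowerShell window owned by SYSTEM sitting on a user's desktop, and process-creation logs can reveal that. The following is an added example, not code from Razer, jonhat or this article: it scans constructed events that use Sysmon Event ID 1 field names and flags that condition. The sample paths, the account name and the session-based rule are assumptions for illustration.

```python
# Added example: find SYSTEM shells running on a user's desktop session.
# Field names follow Sysmon Event ID 1 (process creation); the events
# below are constructed samples, not logs from a real host.
import ntpath

SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
SYSTEM_USER = "nt authority\\system"

SAMPLE_EVENTS = [  # constructed; PLACEHOLDER paths are not real install paths
    {"User": "NT AUTHORITY\\SYSTEM", "TerminalSessionId": 1,
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "ParentImage": "C:\\PLACEHOLDER\\RazerInstaller.exe"},
    {"User": "DESKTOP-EXAMPLE\\alice", "TerminalSessionId": 1,
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "ParentImage": "C:\\Windows\\explorer.exe"},
    {"User": "NT AUTHORITY\\SYSTEM", "TerminalSessionId": 0,
     "Image": "C:\\Windows\\System32\\cmd.exe",
     "ParentImage": "C:\\PLACEHOLDER\\ExampleUpdateService.exe"},
    {"User": "NT AUTHORITY\\SYSTEM", "TerminalSessionId": 0,
     "Image": "C:\\Windows\\System32\\svchost.exe",
     "ParentImage": "C:\\Windows\\System32\\services.exe"},
]


def is_interactive_system_shell(event):
    """True for a shell owned by SYSTEM outside session 0.

    Session 0 hosts services; a SYSTEM shell in any other session is a
    window on someone's desktop, which is the end state described above.
    """
    user = event.get("User", "").lower()
    image = ntpath.basename(event.get("Image", "")).lower()
    session = int(event.get("TerminalSessionId", 0))
    return user == SYSTEM_USER and image in SHELLS and session != 0


def find_suspicious(events):
    """Return (shell, parent) name pairs for triage, in log order."""
    return [
        (ntpath.basename(e["Image"]), ntpath.basename(e.get("ParentImage", "")))
        for e in events
        if is_interactive_system_shell(e)
    ]


if __name__ == "__main__":
    for shell, parent in find_suspicious(SAMPLE_EVENTS):
        print(f"ALERT: {shell} as SYSTEM on a desktop session, parent={parent}")
```

The rule keys on the outcome (a SYSTEM shell in a non-zero session) rather than on the Razer installer name, so it also covers other installers that expose the same file dialog.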