According to various reports, Windows 10 is even more vulnerable to third-party drivers than previously thought. In the past few days, a recent study shows that how users can get admin privileges on Windows 10 simply by installing a wireless Razer keyboard or a mouse.
How to get admin privileges on Windows 10 by installing a Razer keyboard or mouse?
After the infamous July discovery of PrintNightmare bugs, the hacker community has focused more on finding vulnerabilities in the Windows 10 operating system through third-party drivers. This hunt has now led to the discovery that installing a simple wireless dongle for a mouse allows admin access to the interior of the operating system.
According to the hacker Jonhat, installing a Razer keyboard or mouse makes it easy to gain admin privileges in Windows 10. During installation, Windows Update downloads the RazerInstaller driver and runs it as a system.
The Installer then gives users the option to open an Explorer screen to choose the location where the drivers should be installed. Then, with a simple right-click, a Powershell terminal with system privileges can be opened. After that, hackers can do whatever they want.
During the installation process, when users determine the save directory for the user path as Desktop, the Installer saves a service binary. This particular binary can be hijacked by hackers for persistence. The binary is then executed each time for user login during the boot of the device.
The hack wouldn’t even require a Razer keyboard or mouse. Any spoofed USB device can do the job, according to Jonhat.
Need local admin and have physical access?
– Plug a Razer mouse (or the dongle)
– Windows Update will download and execute RazerInstaller as SYSTEM
– Abuse elevated Explorer to open Powershell with Shift+Right clickTried contacting @Razer, but no answers. So here's a freebie pic.twitter.com/xDkl87RCmz
— jonhat (@j0nh4t) August 21, 2021
The hack would have been known for a year, but manufacturer Razer had not yet taken any action. The manufacturer has now indicated that it is working on a patch. “We were made aware of a situation in which our software, in a very specific use case, provides a user with broader access to their machine during the installation process. We have investigated the issue, are currently making changes to the installation application to limit this use case and will release an updated version shortly. The use of our software (including the installation application) does not provide unauthorized third-party access to the machine,” a Razer spokesperson said.
It is not yet known whether Microsoft is also working on a solution for this problem in its upcoming patch release?