Razer will fix the bug that gives users administrator rights to Windows

The zero-day flaw allows users to gain admin privileges via the installer: a threat for 100 million users

Razer zero-day flaw. The vulnerability in mouse software gained attention due to the severity of the issue.

The vulnerability allows any user to get admin rights on a Windows 10 or Windows 11 machine by plugging in the mouse.[1] Razer is a popular computer peripherals manufacturer known for its gaming mice and keyboards. In recent days, however, the more talked-about topic has been this bug, which could cause severe cyber safety issues. A Razer Synapse zero-day vulnerability was shared on Twitter; if used, it could let someone gain Windows admin privileges simply by plugging in a Razer mouse or keyboard.

If you plug a Razer device into Windows 10 or Windows 11, the operating system automatically downloads the installer file and begins installing the Razer Synapse software, which lets users configure their hardware devices, set up macros, or map buttons. RazerInstaller.exe normally runs with system-level privileges to make any changes to the Windows PC, which makes this matter especially risky.

More seriously, RazerInstaller.exe also allows the user to open a File Explorer window, and users can launch PowerShell that will let them do anything with the system, including installing malware. However, to do so a threat actor would need physical access to the target Windows computer and a Razer mouse.[2] It could cause some damage, as Razer Synapse software is used by over 100 million users worldwide.
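For defenders, the behaviour described above leaves a recognisable trace: a shell running as SYSTEM whose parent process is the installer. The following Python detection is an added example, not code from the article or from Razer; the event dictionaries are constructed samples that borrow the Image, ParentImage and User field names from Sysmon process-creation events, and the `C:\EXAMPLE` paths are placeholders.

```python
import ntpath

# Installer named in the article; add other device-triggered installers as needed.
INSTALLERS = {"razerinstaller.exe"}
# Assumption: shells a user could start from an installer's file dialog.
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
SYSTEM_USER = "nt authority\\system"


def base(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path).lower()


def find_installer_shells(events):
    """Return process-creation events where a watched installer
    started a shell under the SYSTEM account."""
    return [
        ev for ev in events
        if base(ev["Image"]) in SHELLS
        and base(ev["ParentImage"]) in INSTALLERS
        and ev["User"].lower() == SYSTEM_USER
    ]


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed sample events; paths under C:\EXAMPLE are placeholders.
SAMPLE_EVENTS = [
    # Installer itself starting as SYSTEM: expected, not flagged.
    {"Image": r"C:\EXAMPLE\RazerInstaller.exe",
     "ParentImage": r"C:\EXAMPLE\parent.exe",
     "User": "NT AUTHORITY\\SYSTEM"},
    # SYSTEM PowerShell spawned by the installer: flagged.
    {"Image": PS, "ParentImage": r"C:\EXAMPLE\RazerInstaller.exe",
     "User": "NT AUTHORITY\\SYSTEM"},
    # Ordinary user PowerShell from Explorer: not flagged.
    {"Image": PS, "ParentImage": r"C:\Windows\explorer.exe",
     "User": "DESKTOP-1\\alice"},
    # Shell from the installer but not as SYSTEM: not flagged.
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\EXAMPLE\RazerInstaller.exe",
     "User": "DESKTOP-1\\alice"},
]

if __name__ == "__main__":
    for hit in find_installer_shells(SAMPLE_EVENTS):
        print("ALERT:", hit["ParentImage"], "->", hit["Image"], "as", hit["User"])
```
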

Crucial issues like that can go undetected

Razer acknowledged the bug and promised to roll out a fix as soon as possible.[3] However, many questions remain unanswered: it is possible that some installers have similar security holes waiting to be exploited. As the company works on the fix, it was also shared that the researcher who originally disclosed the problem would receive a bug bounty reward even though the vulnerability was shared publicly.

This situation has shown that this type of flaw may go unnoticed and later lead to serious trouble. Experts say that this hack is fairly dangerous, especially in the wrong hands, as it could be done in just a matter of minutes and infect a device. It is also easily accessible to anyone who knows their way around a computer, which could make it easy to infiltrate a system.[4]

The issue gained wide attention on social media because it was made public and because the problem can affect many people. The researcher who made this flaw public will receive the bug bounty reward, said Razer, even though the issue was disclosed publicly.

Microsoft's Windows 10 faces many problems

As Microsoft will end support for the Windows 10 OS by October 2025, these situations are something that the software company needs to address immediately. However, that does leave years to prepare as Microsoft pushes the new Windows 11, which will be available this holiday season. Windows 11 will have a brand-new design that borrows a Mac-like look and will include updated features.[5]

Windows 10 is the most recent fully available version of the operating system. It first arrived in 2015 and became the most widely used iteration of the OS. However, the system draws criticism as users face security issues, upgrade and notification problems, lack of storage, privacy, and data defaults.[6] Certain vulnerabilities, like Windows 10 PrintNightmare, seem to be a continuous problem, despite the patches and changes that are presented.

About the author
Ugnius Kiguolis

Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.
