You can gain admin rights of Windows 10 just by plugging in a Razer mouse

Recently, researcher Jonhat discovered a new vulnerability that allows to gain admin rights of Windows 10 just by plugging a Razer mouse into the computer.

Specifically, when plugging in a Razer mouse or the USB end of a Razer wireless mouse, Windows Update will download and execute the RazerInstaller driver under admin rights. Next, Razer's driver installer and device customization software allows users to open an Explorer window to choose where to store the installation files.

You can gain admin rights of Windows 10 just by plugging in a Razer mouse Picture 1

On that Explorer window, just press Shift + Right-click and a Powershell window with admin rights will be displayed. Basically, a skilled hacker can use a Powershell window with admin rights to do whatever he wants.

In addition, if the user performs the installation and specifies the directory to save the installation file in a user-controllable path such as the Desktop, the installer will save a service binary there. This binary can be edited to execute code before the user logs in on startup.

Hackers don't even need a real Razer mouse because the USB ID can be spoofed easily.

Jonhat said he tried to contact Razer but was unsuccessful. So he decided to make it public. It is likely that Microsoft will soon recognize the problem and proceed to remove the Razer driver from Windows Update. However, Razer's involvement is still required to edit their drivers before hackers can exploit this vulnerability.

Micah Soto

Update 23 August 2021