Not all users are the same in Windows. Without administrator access, you can use the computer, but you do not have permission to install certain applications or perform commands, and you generally do not have full control of the machine. But right now, you can grant yourself SYSTEM privileges on any Windows 10 computer simply plugging in a Razer keyboard or mouse. Sounds … bad.
Usually, different “user rights” are a good thing for Windows. Protect your system from people who would abuse these privileges, whether harmful or not. When you have administrator or SYSTEM privileges, you have full control over Windows, so it can be dangerous to give that power to anyone.
The idea that plugging in the right mouse can give you total control over a computer seems more unrealistic than that a TV hacker, but it is true. When you connect one of these Razer peripherals, Windows will download automatically Razer Synapse, software that controls certain mouse or keyboard settings. This Razer software has SYSTEM privileges, as it is launched from a Windows process with SYSTEM privileges.
But this is not where vulnerability comes into play. After you install the software, the Windows Setup Wizard asks you in which folder you want to save it. When you choose a new location for the folder, you’ll see a “Choose a folder”Application. Press Shift and right click on it and you can choose “Open the PowerShell window here“, Which will open a new PowerShell window.
Because this PowerShell window was started from a process with SYSTEM privileges, the PowerShell window to himself it now has SYSTEM privileges. In fact, you have become an administrator of the machine, able to perform any command you can think of in the PowerShell window.
G / O Media may receive a commission
This vulnerability was first highlighted on Twitter by user jonhat, who tried to contact Razer in the first place, to no avail. Razer finally tracked down, confirming there is an ongoing patch. Until this patch is available, however, the company inadvertently sells tools that facilitate the hacking of millions of computers.
How to Protect Your Computer from Razer Vulnerability
While the best solution is to wait for Razer to fix this bug in the end, we don’t he knows how long it will take take. If you want to protect your computer of the machinations of Razer peripherals-win other words that isRight now there are potential hackers, note the possibility of disabling the computer’s USB ports.
There are several (and complicated) ways to do this, but the easiest place to start is through Device Manager. Right-click on “This PC“Then click”Manage“. Click”Device Manager“, Then click the arrow next to Universal serial bus controllers. Here you will find all the USB drivers on your computer. You can right-click on these items and choose “Disable”To turn them off.
When you are ready to reactivate the USB ports, you can follow these same instructions and choose “Active“However.