Want Admin privileges? Plug in a Razer mouse

Mr Jack · 24 Aug 2021 at 08:35

Oh, this is a doozy of a security bug: basically the installed for Razer's Synapse software - which runs in Admin privileges because it needs to do driver stuff - let's you create an escalated Powershell command line and thus do basically whatever you want. And Windows will happily find it for you off the interwebs and run it on your computer.

Source and details here.

d_brennen · 24 Aug 2021 at 09:04

Still need local physical access to a PC logged in as a standard user, that hasn't had Synapse installed. Not really a big deal, just sloppy software development

Mr Jack · 24 Aug 2021 at 09:17

d_brennen said:
Still need local physical access to a PC logged in as a standard user, that hasn't had Synapse installed. Not really a big deal, just sloppy software development

I don't agree it's not a big deal. Firstly, a simple way to escalate to Admin privileges is a very big deal indeed in many settings: banks, corporations, etc. Secondly, because it operates through a substantial hole in the Windows security model; Windows needs a better way of dealing with drivers. And, thirdly, because is shows that Microsofts system for accepting drivers to be automatically pushed to your computer is flawed.

d_brennen · 24 Aug 2021 at 09:54

Mr Jack said:
I don't agree it's not a big deal. Firstly, a simple way to escalate to Admin privileges is a very big deal indeed in many settings: banks, corporations, etc. Secondly, because it operates through a substantial hole in the Windows security model; Windows needs a better way of dealing with drivers. And, thirdly, because is shows that Microsofts system for accepting drivers to be automatically pushed to your computer is flawed.

Any organisation that values security will have driver policies in place. I agree its another example of LoL MS security, but banks have themselves to blame if cashier Jonny Bigpotatos takes his Razer mouse in to elevate himself to some additional funds.

ttaskmaster · 24 Aug 2021 at 10:10

Does this work with any Razer peripheral that uses Synapse, then?

Asking for a friend...

Scougar · 24 Aug 2021 at 22:46

It's synapse that's the problem.

P.s. peripherals like keyboards/mice are automatically trusted by most computers which is which is why physical penetration testers will create special devices that look like peripherals to gain access to networks.

Rroff · 24 Aug 2021 at 22:53

d_brennen said:
Any organisation that values security will have driver policies in place.

Good luck with that - Windows 10 when it feels like it will completely ignore GPOs, etc. if you use the enterprise edition(s) that is somewhat reduced (but you still won't get the same level of control as 7 - despite some people claiming otherwise - I know plenty of administrators who've come to realise this despite using IT management solutions) but the Pro edition never mind home is another matter again.

MatteRB26 · 25 Aug 2021 at 06:23

d_brennen said:
Any organisation that values security will have driver policies in place.

*looks at all my SteelSeries gear for work and driver software* Huh.

d_brennen · 25 Aug 2021 at 10:52

Rroff said:
Good luck with that - Windows 10 when it feels like it will completely ignore GPOs

Sysadmin here, among other things. Biggest complaints I've seen are from sysadmins stuck in the past. Yes there were quirks, same as between XP, Vista and 7. I've had no issues that weren't resolved by RTFM

d_brennen · 25 Aug 2021 at 10:54

MatteRB26 said:
*looks at all my SteelSeries gear for work and driver software* Huh.

Did they install steel series drivers or basic HID? Your keyboard and mouse would work on my networks but your RGB software wouldn't

MatteRB26 · 25 Aug 2021 at 12:50

d_brennen said:
Did they install steel series drivers or basic HID? Your keyboard and mouse would work on my networks but your RGB software wouldn't

It's all self managed :cry:

We don't have any policies setup, though we're a company of 6 + 1 contractor who's worked with the company for... a lot of years. I've got SteelSeries engine installed, so I get Prism Sync across my mouse and keyboard (and mat if I plugged it in), because RGB improves productivity as well as FPS!

One of us even just uses his personal PC with a second SSD in it for work stuff.

FoxEye · 26 Aug 2021 at 11:25

d_brennen said:
Sysadmin here, among other things. Biggest complaints I've seen are from sysadmins stuck in the past. Yes there were quirks, same as between XP, Vista and 7. I've had no issues that weren't resolved by RTFM

Then you'll also know from RTFM that MS docs are often incomplete, there are tons of APIs that are not documented/ only partially documented, and some docs are plain wrong/ out of date.

MatteRB26 · 28 Aug 2021 at 09:09

FoxEye said:
Then you'll also know from RTFM that MS docs are often incomplete, there are tons of APIs that are not documented/ only partially documented, and some docs are plain wrong/ out of date.

The amount of times I look up .Net docs for work to find out they're outdated... They still haven't updated their docs for .Net Core 3 and Angular SSR

FoxEye · 28 Aug 2021 at 10:43

MatteRB26 said:
The amount of times I look up .Net docs for work to find out they're outdated... They still haven't updated their docs for .Net Core 3 and Angular SSR

Saw one just last week, where they haven't updated the code sample, and whilst the doc says ".NET 5.0, .NET Core 3.0" the code sample is only correct for .NET Framework. Leading to a bit of confusion and some wasted time.

Rroff · 31 Aug 2021 at 18:46

One of the reasons I got out of doing IT as a job - especially doing stuff like database development just endless cycles of certifying on latest versions and ways of working, dealing with incomplete or partial documentation, etc. after awhile I just completely burnt out on it. Especially when so often it seems like reinventing the wheel for the sake of it often in the process losing some useful features along the way.