Want Admin privileges? Plug in a Razer mouse

Mr Jack

Mr Jack

Mr Jack

Caporegime
Joined
19 May 2004
Posts
32,969
Location
Nordfriesland, Germany
Oh, this is a doozy of a security bug: basically the installed for Razer's Synapse software - which runs in Admin privileges because it needs to do driver stuff - let's you create an escalated Powershell command line and thus do basically whatever you want. And Windows will happily find it for you off the interwebs and run it on your computer.

Source and details here.
 
d_brennen said:
Still need local physical access to a PC logged in as a standard user, that hasn't had Synapse installed. Not really a big deal, just sloppy software development
Click to expand...

I don't agree it's not a big deal. Firstly, a simple way to escalate to Admin privileges is a very big deal indeed in many settings: banks, corporations, etc. Secondly, because it operates through a substantial hole in the Windows security model; Windows needs a better way of dealing with drivers. And, thirdly, because is shows that Microsofts system for accepting drivers to be automatically pushed to your computer is flawed.
 
You must log in or register to reply here.
Back
Top Bottom