Recently, a huge flaw is found on Windows – anyone can get full admin access to a computer running Windows 10 or other systems without passwords; plugging in a Razer mouse or the keyboard helps to gain administrator privileges automatically on Windows. MiniTool offers this post to talk more about this security bug.

Razer Mouse and Keyboard Cause Security Flaw

Razer is a common manufacturer of computer peripherals which is famous for the gaming mouse and keyboard. The Razer mouse and Razer keyboard are not so special when compared to other gaming mouse and keyboards.

But recently, a huge security flaw found on Windows systems brought the mouse Razer to the fore. Razer offers an easy way for anyone with physical access to a Windows 10 computer to get administrator privileges by simply plugging in a Razer mouse or keyboard. This is known as the local privilege escalation (LPE) vulnerability.

Previously in July, the new Windows Print Spooler PrintNightmare vulnerability was discovered.

Tip: If you have backed up your system and the important files, you won’t be affected too much by the data loss caused by security flaw or virus attack. However, if you haven’t backed up yet, you should prepare a professional recovery tool to recover lost files in time when needed.

MiniTool Power Data Recovery TrialClick to Download100%Clean & Safe

Razer Synapse Zero-day Vulnerability

Twitter user jonhat found this security issue and posted the details on August 21, 2021. Here’s what he said exactly:

Need local admin and have physical access?

– Plug a Razer mouse (or the dongle)

– Windows Update will download and execute RazerInstaller as SYSTEM

– Abuse elevated Explorer to open Powershell with Shift+Right click

Tried contacting @Razer, but no answers. So here’s a freebie

Razer mouse offers users admin privileges

About Windows Administrator Privileges

What do administrator privileges mean?

In short, the administrator privileges refer to the security-related abilities to make changes to an operating system.

On Windows computers, not all users are allowed to install certain apps or perform certain tasks. You can access the computer, but you may not have full control of it without administrator privileges (administrator access, or admin privileges).

How to get administrator privileges on Windows 10?

There are 3 commonly used ways to get administrator privileges on Windows 10 (or other systems).

  • Change account type to administrator via Settings if you have password of the built-in administrator account.
  • Grant administrator privileges using Command Prompt.
  • Gain administrator privileges in Windows PowerShell.
How Can You Restore Administrator Account In Windows 10
How Can You Restore Administrator Account In Windows 10

It is very urgent for users to restore administrator account in Windows 10 if they have deleted it by mistake sometimes.

Read More

How to Get Administrator Privileges on Windows 10 without Password

The Twitter user jonhat added a video to show others how the Razer mouse vulnerability works.

Step 1: Connect a Razer Mouse/Keyboard

When you plug in a Razer mouse or a Razer keyboard to your computer, both the driver and the Razer Synapse will be downloaded automatically by Windows in the background. This Razer installation program (Razer mouse software) will get the SYSTEM privileges because the RazerInstaller.exe was launched from a Windows process with SYSTEM privileges.

Windows Keyboard Shortcuts Not Working? Please Try These 7 Fixes.

Step 2: Choose an Installation Path

The installer for Razer Synapse software is initialized to give you the option to choose where the software to be installed. The Choose a Folder window will appear after you chose to change the default install location.

Step 3: Press Shift and Right-click

If you press Shift and right-click on this window, you’ll see the Open PowerShell window here prompt, which then opens up a new PowerShell window.

This opening PowerShell window will also gain the SYSTEM privileges since it is launched from a process with SYSTEM privileges. Now, you’re able to perform any command you can think of in the PowerShell window.

The entire process lasts only about two minutes to gain SYSTEM privileges in Windows 10 after plugging Razer peripherals. Anyone using the computer currently will have full control over the software and settings.

According to researchers, similar bugs are likely to be found in other software installed on your PC via the Windows plug-and-play process.

How to Protect Your PC from Razer’s Vulnerability

This problem is disclosed to more and more people as the Razer Synapse zero-day vulnerability. The spread speed of the news – Razer mouse and keyboard is causing Windows security bug – is very astonishing.

Finally, Razer noticed this and responded publicly on August 23. The company said they have investigated the issue and they are currently making changes to the installation application, trying to limit this use case ASAP.

Razer is working on fixing the problem for users. However, before it finally issues a fix to this vulnerability, you should disable the USB ports to protect your PC.

  1. Open Device Manager.
  2. Find and expand Universal Serial Bus controllers.
  3. Right click on a USB port and choose Disable.
  4. Repeat step 3 to disable all unnecessary USB controllers in the list.

Fix USB Flash Drive Not Recognized & Recover Data.

  • linkedin
  • reddit

About The Author

Sarah

Position: Columnist

Sarah has been working as an editor at MiniTool since she graduated from university. Sarah aims at helping users with their computer problems such as disk errors and data loss. She feels a sense of accomplishment to see that users get their issues fixed relying on her articles. Besides, she likes to make friends and listen to music after work.

User Comments :