Twitter user jonhat (@j0nh4t) has released a video clip in a tweet detailing a process by which an individual can gain elevated access to a Windows machine using the installation screen of Razer’s Synapse driver ecosystem. jonhat states that Razer was contacted beforehand but has not replied regarding his discovery. The video detailing the process is shown below:
Need local admin and have physical access?
– Plug a Razer mouse (or the dongle)
– Windows Update will download and execute RazerInstaller as SYSTEM
– Abuse elevated Explorer to open Powershell with Shift+Right click
— jonhat (@j0nh4t) August 21, 2021
Razer Support has since responded to the tweet. No public statement has been published, but it is apparent that this will be fixed in an upcoming update.
Due to the nature of the flaw, the security implications are limited, but private individuals securing their systems in shared-use environments are possible targets of this trick.
The trick works by plugging in a Razer device, which immediately calls Windows Update to download Synapse. Once it has downloaded in the background, Razer Synapse prompts the user to install the driver, even under a reduced-access user account. During installation, Synapse asks for an installation location, which opens an Explorer dialog box. From that dialog, folders can be accessed with elevated admin rights by Shift+right-clicking and opening a PowerShell window. This gives any individual full, elevated access to the system.
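For defenders, the chain described above leaves a recognizable process lineage: a shell running as SYSTEM whose ancestor is the device installer. The following is an added example, not code from jonhat or Razer, that checks process-creation records for that lineage; the Sysmon-style field names, the image name `RazerInstaller.exe`, the file paths and all sample events are assumptions constructed for illustration.

```python
# Added example: flag shells running as SYSTEM that descend from a device installer.
# Field names mimic Sysmon process-creation records; every sample event is constructed.
from ntpath import basename  # parses Windows paths on any platform

SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
# Assumption: image name derived from "RazerInstaller" as named in the tweet.
INSTALLERS = {"razerinstaller.exe"}
SYSTEM_USER = "nt authority\\system"


def find_elevated_shells(events, installers=INSTALLERS):
    """Return (shell_pid, installer_pid) pairs for SYSTEM shells under an installer."""
    by_pid = {e["ProcessId"]: e for e in events}
    hits = []
    for e in events:
        if basename(e["Image"]).lower() not in SHELLS:
            continue
        if e["User"].lower() != SYSTEM_USER:
            continue
        # Walk up the parent chain; 'seen' guards against loops from PID reuse.
        seen, pid = set(), e["ParentProcessId"]
        while pid in by_pid and pid not in seen:
            seen.add(pid)
            parent = by_pid[pid]
            if basename(parent["Image"]).lower() in installers:
                hits.append((e["ProcessId"], pid))
                break
            pid = parent["ParentProcessId"]
    return hits


SYS, STUDENT = "NT AUTHORITY\\SYSTEM", "LAB\\student"  # constructed accounts
SAMPLE_EVENTS = [
    {"ProcessId": 900, "ParentProcessId": 4, "User": SYS,
     "Image": r"C:\Windows\System32\svchost.exe"},
    {"ProcessId": 4120, "ParentProcessId": 900, "User": SYS,
     "Image": r"C:\Example\RazerInstaller.exe"},  # placeholder path
    {"ProcessId": 5312, "ParentProcessId": 4120, "User": SYS,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"ProcessId": 3000, "ParentProcessId": 2000, "User": STUDENT,
     "Image": r"C:\Windows\explorer.exe"},
    {"ProcessId": 6001, "ParentProcessId": 3000, "User": STUDENT,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
]

if __name__ == "__main__":
    for shell_pid, installer_pid in find_elevated_shells(SAMPLE_EVENTS):
        print(f"SYSTEM shell pid={shell_pid} descends from installer pid={installer_pid}")
```

The ordinary user-launched PowerShell (pid 6001) is not flagged; only the SYSTEM shell spawned beneath the installer is reported.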
A higher quality version of the video is below: