News Bug in Razer Software Enables Admin Privileges in Windows 10

[Admin]

Thanks to the security researcher jonhat, we have discovered a bug in Razer's Synopsis software that gives system (admin) privileges to anyone with physical access to the PC.

Bug in Razer Software Enables Admin Privileges in Windows 10 : Read more

 

[Deleted member 14196]

Synapse is the worst!!! I have always detested their software and now I have another reason to do so

 

[BillyBuerger]

This seems to be Razer's stupid push that their users have to install their bloated crap just to use even the minimum function of their hardware. Most hardware when attached installs a default driver that at least gives the minimal functions of the device. A keyboard or mouse should be able to just work like that. But they want their full software which includes logging into an account with them even to get anything working with the hardware. So it seems as though this basic driver that Windows installs pushes this whole thing on the user. And since running any driver install requires admin access, they are kicking off this big install from the local system account. So yeah, makes sense that you could easily take advantage of that. Nice work Razer.

But at the same time, don't these drivers that get installed automatically by windows have to be approved for WHQL or something? Sounds like maybe a flaw in Microsofts system if a bad driver like this can be allowed.

 

[BillyBuerger]

Actually, while Razer definitely deserves blame for this, it reminds me of another similar "bug" that I noticed years ago related to the Windows default file open/save dialog. For instance, if you're using a remote system like Citrix where a single application is exposed to a user and that application has any option that would open the Windows open/save dialog, you can right click on a folder and pick "open in a new window" and you now have a Windows Explorer window even though that application wasn't specifically exposed by the Citrix application. Could probably do that to open other software on the remote system. Now this won't give admin access like with the Razer driver bug. But the point was to only expose a single application and doing this gives you access to other applications. Part of the issue is that the Windows open/save dialog itself uses Windows Explorer and lets you do pretty much anything you can do in explorer with it. Really, this should be locked down to only let you open/save files and not do things like open applications. If that were the case, the Razer bug would still be a problem but it could at least limit the effect of it by not letting the admin account actually execute anything. They could maybe create folders where they shouldn't and see file lists. But not open a command prompt. So bad on Microsoft here as well. I mean sure, it's convenient to be able to sometime do some things like this sometimes. But it also is a potential security issue. Or at the very least makes taking advantage of an unrelated security issue that much easier.

 

[Giroro]

I still can't figure out why Razer needs a permanent 100MB of system memory just to change 2 registers in my mouse's firmware

 

[bigdragon]

This problem isn't limited to Razer. A lot of gamer peripherals have add-on crap with zero security precautions. Asus ROG USB devices have the same problem as Razer. Microsoft really needs to clamp down on this behavior and stop allowing gaming-focused industries to break computer security. It's bad enough that we already have ineffective, security-breaking anti-cheat garbage forced on the market.

 

[waltc3]

It seems sort of obvious that this hack requires physical access to a machine, so that really diminishes the importance of the find, imo. It's not something that can be administered remotely, apparently. If you have physical access...well...there isn't much you cannot get to...

 

[USAFRet]

It seems sort of obvious that this hack requires physical access to a machine, so that really diminishes the importance of the find, imo. It's not something that can be administered remotely, apparently. If you have physical access...well...there isn't much you cannot get to...

Yes, but simply plugging in a random mouse should not result in this escalation.
Major fail on Razer, physical access or no.

 

[Findecanor]

The response was the usual doublespeak from Razer avoiding the actual issue ...

The issue is not that an authorised user gets administrator privileges.
The issue is when a user that is authorised to use the machine gets administrator privileges he/she was not authorised to get.

 

[PiranhaTech]

I bought a Razer arcade stick. It's absolutely wonderful. The responsiveness is amazing, and the button action just feels nice, but...

... its Windows 10 drivers are horrible. You are lucky to get 6 out of 8 buttons working. It only works on the Xbox One by default. Luckily the community out there will get you the 8 buttons.