![]() – Abuse elevated Explorer to open Powershell with Shift+Right click – Windows Update will download and execute RazerInstaller as SYSTEM ![]() Need local admin and have physical access? It also awarded jonhat a bug bounty, in spite of the fact that the bug was disclosed. As of Sunday, the tweet had caught Razer’s attention, and the manufacturer told jonhat that its security team was working on getting out a fix ASAP. The bug was reported by security researcher jonhat ( who tweeted about it on Saturday after initially not hearing back from Razer. Its Razer Synapse software enables users to configure hardware devices, set up macros or map buttons. Razer manufactures popular, high-end hardware for gamers, including mouses, keyboards and gaming chairs. ![]() ![]() There’s apparently nothing keeping the vulnerability from allowing the same privilege escalation on Windows 11, although, if that operating system has in fact been tested, its vulnerability hasn’t yet been reported. A zero-day bug in the device installer software for Razer peripherals – be they a Razer mouse, keyboard or any device that uses the Synapse utility – gives the plugger-inner full admin rights on Windows 10, just by inserting a compatible peripheral and downloading Synapse.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |