Razer is fixing a serious Windows security flaw caused by its mice

A rather unusual vulnerability in Razer mice has been identified and the company is currently working on a fix. Over the weekend, security researcher Jon Hat posted on Twitter that after plugging in a Razer mouse or dongle, Windows Update will download the Razer installer executable and run it with SYSTEM privileges. It also lets you access the Windows file explorer and Powershell with “elevated” privileges — which essentially means someone with physical access to the computer could install harmful software.

Since this vulnerability requires direct, physical access to a computer, it’s not nearly as dangerous as a security issue that can be carried out remotely, but it’s still a troubling find. Hat said on Twitter that Razer eventually reached out and told him that the company’s security team was working on a fix. 

Razer provided us with the following statement:

“We were made aware of a situation in which our software, in a very specific use case, provides a user with broader access to their machine during the installation process.

We have investigated the issue, are currently making changes to the installation application to limit this use case, and will release an updated version shortly. The use of our software (including the installation application) does not provide unauthorized third-party access to the machine.

We are committed to ensuring the digital safety and security of all our systems and services, and should you come across any potential lapses, we encourage you to report them through our bug bounty service, Inspectiv: https://app.inspectiv.com/#/sign-up.

Update, 2PM ET: Added a statement from Razer.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.