Razer working on fix for dongle driver installation security flaw

A hacker published details of a flaw with Razer’s wireless dongle that could allow an attacker to gain access to a system and execute commands with system-level privileges.

First spotted by MSPowerUser, a hacker who goes by the Twitter username ‘jonhat’ (@j0nh4t) shared details of the flaw online, noting that Razer had not responded to his attempts to contact the company. However, jonhat followed up in a thread under the initial tweet, saying that Razer did eventually reach out, that its security team is working on a fix and that it offered him a bug bounty despite his going public with the issue.

The flaw exists within the installation process for Razer’s drivers. In short, when someone plugs in a Razer wireless dongle — typically used to connect accessories like mice and keyboards to a computer — Windows Update will download and run the RazerInstaller program, which installs the software drivers for the connected accessory.

However, the program installs the drivers at the system level and offers users the ability to open File Explorer and select a location to install the drivers. While in the Explorer window, users can shift-right-click to open a PowerShell terminal that inherits the same system privileges. If an attacker were to do this, they’d effectively be able to do whatever they wanted on your computer. Additionally, if users choose to save the drivers in a user-controllable place, such as the Desktop, RazerInstaller saves a service binary there that an attacker could hijack for persistence.
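Both behaviours described above leave traces a defender can look for. The following is an added example, not part of the original article or Razer's software: a heuristic that flags a shell running as SYSTEM inside an interactive session and a service installed from a user-writable path. It assumes events are already parsed into dictionaries using Sysmon Event ID 1 and System log Event ID 7045 field names; the sample events, the installer path and the service names are constructed placeholders.

```python
import ntpath

SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
SYSTEM_USER = "NT AUTHORITY\\SYSTEM"
USER_WRITABLE_ROOTS = ("c:\\users\\",)  # assumption: extend for your environment
# Constructed sample events, not real telemetry. Paths and service names are placeholders.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": PS, "ParentImage": r"C:\PLACEHOLDER\RazerInstaller.exe",
     "User": r"NT AUTHORITY\SYSTEM", "TerminalSessionId": 1},
    {"EventID": 1, "Image": PS, "ParentImage": r"C:\Windows\explorer.exe",
     "User": r"DESKTOP-EXAMPLE\alice", "TerminalSessionId": 1},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\System32\services.exe",
     "User": r"NT AUTHORITY\SYSTEM", "TerminalSessionId": 0},
    {"EventID": 7045, "ServiceName": "ExampleSvc",
     "ImagePath": r'"C:\Users\alice\Desktop\Example\ExampleSvc.exe" --run'},
    {"EventID": 7045, "ServiceName": "ExampleSvc2",
     "ImagePath": r"C:\Program Files\Example\ExampleSvc2.exe"},
]

def service_binary(image_path):
    """Extract the executable from a 7045 ImagePath, which may be quoted and carry arguments."""
    p = image_path.strip()
    if p.startswith('"'):
        return p[1:].split('"', 1)[0]
    end = p.lower().find(".exe")
    return p[:end + 4] if end != -1 else p

def detect(event):
    """Return a finding string for a suspicious event, or None."""
    if event.get("EventID") == 1:
        image = ntpath.basename(event.get("Image", "")).lower()
        if (image in SHELLS and event.get("User", "").upper() == SYSTEM_USER
                and int(event.get("TerminalSessionId", 0)) > 0):  # session 0 = services
            parent = ntpath.basename(event.get("ParentImage", ""))
            return f"SYSTEM shell in interactive session: {image} <- {parent}"
    elif event.get("EventID") == 7045:
        binary = service_binary(event.get("ImagePath", ""))
        if ntpath.normpath(binary).lower().startswith(USER_WRITABLE_ROOTS):
            return f"service in user-writable path: {event.get('ServiceName')} -> {binary}"
    return None

def findings(events):
    return [f for f in map(detect, events) if f]

if __name__ == "__main__":
    for line in findings(SAMPLE_EVENTS):
        print(line)
```

Some legitimate management tools also start SYSTEM shells in a user session, so treat hits as leads to review against the parent process rather than as confirmed compromise.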

While that all sounds scary, it’s worth keeping in mind that an attacker would need access to your PC to take advantage of the flaw. The entire issue hinges on plugging in a Razer dongle (or a USB device spoofed to trick Windows into thinking it’s a Razer dongle). In other words, you probably don’t need to worry too much about this vulnerability unless your computer is at risk of being accessed when you’re not around.

Although the flaw is with Razer’s software, it also shows that Windows still has potentially huge vulnerabilities, especially when it comes to implementing third-party drivers and software. Windows Update arguably shouldn’t install stuff with system privileges, especially if that could allow the user to access critical software at that level. It’s worth noting that some have reported similar vulnerabilities with other driver install software, further indicating it’s a larger Windows issue Microsoft needs to address.

This latest flaw comes not long after the PrintNightmare vulnerability and ahead of Windows 11, which Microsoft has positioned as a more secure version of Windows thanks to implementations of things like an (arguably confusing) TPM requirement.

Source: jonhat (Twitter) Via: MSPowerUser, TechRadar
