Razer working on fix for dongle driver installation security flaw
A hacker published details of a flaw with Razer’s wireless dongle that could allow an attacker to gain access to and execute commands at a system-level priviledge.
First spotted by MSPowerUser, a hacker who goes by the Twitter username ‘jonhat’ (@j0nh4t) shared details of the flaw online, noting that Razer had not responded to his attempts to contact the company. However, jonhat followed up in a thread under the initial tweet that Razer did eventually reach out, that their security team is working on a fix and that they offered a bug bounty despite going public with the issue.
Need local admin and have physical access?
– Plug a Razer mouse (or the dongle)
– Windows Update will download and execute RazerInstaller as SYSTEM
– Abuse elevated Explorer to open Powershell with Shift+Right clickTried contacting @Razer, but no answers. So here’s a freebie pic.twitter.com/xDkl87RCmz
— jonhat (@j0nh4t) August 21, 2021
The flaw exists within the installation process for Razer’s drivers. In short, when someone plugs in a Razer wireless dongle — typically used to connect accessories like mice and keyboards to a computer — Windows Update will download and run the RazerInstaller program, which installs the software drivers for the connected accessory.
I would like to update that I have been reached out by @Razer and ensured that their security team is working on a fix ASAP.
Their manner of communication has been professional and I have even been offered a bounty even though publicly disclosing this issue.
— jonhat (@j0nh4t) August 22, 2021
However, the program installs the drivers at the system level and offers users the ability to open File Explorer and select a location to install the drivers. While in the Explorer window, users can shift-right-click to open a Powershell terminal with the same system privileges. If an attacker were to do this, they’d effectively be able to do whatever they wanted on your computer. Additionally, if users choose to save the drivers in a user-controllable place, such as the Desktop, RazerInstaller saves a service binary that an attacker could hijack for persistence.
While that all sounds scary, it’s worth keeping in mind that an attacker would need access to your PC to take advantage of the flaw. The entire issue hinges on plugging in a Razer dongle (or a USB device spoofed to trick Windows into thinking it’s a Razer dongle). In other words, you probably don’t need to worry too much about this vulnerability unless your computer is at risk of being accessed when you’re not around.
Although the flaw is with Razer’s software, it also shows that Windows still has potentially huge vulnerabilities, especially when it comes to implementing third-party drivers and software. Windows Update arguably shouldn’t install stuff with system privileges, especially if that could allow the user to access critical software at that level. It’s worth noting that some have reported similar vulnerabilities with other driver install software, further indicating it’s a larger Windows issue Microsoft needs to address.
This latest flaw comes not long after the PrintNightmare vulnerability and head of Windows 11, which Microsoft has positioned as a more secure version of Windows thanks to implementations of things like an (arguably confusing) TPM requirement.
Source: jonhat (Twitter) Via: MSPowerUser, TechRadar
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.