You can get administrator privileges on any Windows machine by plugging in a Razer mouse

Not all users are created equal in Windows. Without administrator access, you can use the computer, but you are not allowed to install certain applications or run commands, and you usually do not have full control of the machine. But for now, you can grant yourself SYSTEM privileges on any Windows 10 machine just by plug in a Razer keyboard or mouse. It sounds … bad.

Usually different “user rights” are good for Windows. It protects your system from people who abuse these privileges, maliciously or not. When you have administrator (or SYSTEM) privileges, you have full control over Windows, so it can be dangerous to give that power to anyone.

The idea that plugging in the right mouse could give you full control over a computer seems more unrealistic than a TV hacker, but it’s true. When you plug in any of these Razer devices, Windows will automatically download Razer Synapse, the software that controls certain parameters of your mouse or keyboard. Said Razer software has SYSTEM privileges because it is launched from a Windows process with SYSTEM privileges.

But that’s not where the vulnerability comes in. After the software is installed, the Windows installation wizard asks you in which folder you want to save it. When you choose a new location for the folder, you will see a “Choose a folder“fast. Press Shift and right click on it, and you can choose”Open the PowerShell window here, which will open a new PowerShell window.

Because this PowerShell window was launched from a process with SYSTEM privileges, the PowerShell window himself now has SYSTEM privileges. In effect, you have transformed yourself into an administrator on the machine, able to run any command you can think of in the PowerShell window.

This vulnerability was first brought to light on Twitter by user jonhat, who initially tried to contact Razer about it, to no avail. Razer has finally followed up, confirming that a patch is in the works. Until this fix is ​​released, however, the company is inadvertently selling tools that make it easier to hack millions of computers.

How to protect your computer from the vulnerability of Razer

While the best solution is to wait for Razer to fix this bug on its end, we don’t know how long it’s going to take. If you want to protect your computer machinations of Razer Device-wthat is to sayfind potential hackers now, remember to deactivate the USB ports on your computer.

There are different (and complicated) ways to do this, but the easiest place to start is through Device Manager. Right click on “This PC, “then click”Manage. ” Click on “Device Manager”, Then click the arrow next to Universal serial bus controllers. Here you will find all the USB controllers for your computer. You can right click on these items and choose “Deactivate”To turn them off.

When you’re ready to re-enable your USB ports, you can follow these same instructions and choose “To allow” instead of.