Although Microsoft has been working tirelessly to eliminate that stigma, Windows still retains the image of an operating system that is almost too easy to engage. Many farms of this type are produced at the remote end when people click on suspected links or download software from unofficial sources. However, there comes a time when an exploitation occurs too easily, as when it connects to a razer mouse that, in turn, begins a process that will let almost anyone with physical access to the computer get the administrator’s control of system level.
Windows users are quite accustomed to the concept of “Plug and Play” (also known as “Plug and Reza”), where the new peripherals “simply work” when they connect. That usually involves a program that runs automatically to download and install the device. Drivers and configure the PC to recognize the external device. This system is used by almost all reputable Windows accessories, suggesting that this particular zero day vulnerability is not exclusive to Razer alone.
What makes the issue a little more serious is that Razer’s Sinapse software installer makes it almost too easy to exploit that process. SINAPSE is the application that allows users to configure their Razer hardware with advanced functions, such as keys and towing buttons. The installer for Synapse runs automatically when it connects a razer mouse, and that’s where things go south.
Razerinstaller.exe runs naturally with privileges at the system level to make any changes to the Windows PC. However, it also allows the user to open an instance of file explorer with the same powers, and users can start PowerShell that will allow them to do anything with the system, including the installation of malware. After not getting a Razer’s response, the security researcher @jonhat decided to publicly disclose vulnerability.
The slightly good news is that this exploitation requires that the attacker has physical access to the destination Windows computer and a Razer mouse. The latter is, of course, a penny of a dozen, and it is trivial to buy one to cheap. Breaking its silence, Razer recognized the error and promised to deploy a solution as soon as they can, although it still raises the question of how many installers have similar security holes that expect to be exploited.
