A Razer mouse security flaw can give admin access to non-admin PC users

Anyone with a Razer mouse can theoretically install malware or access

A Razer mouse security flaw can give admin access to non-admin PC users

A huge security flaw has been discovered in some Razer mice that allows users to gain admin-level access to a PC.

Twitter user jonhat discovered that the installation software that boots up when a Razer mouse is being installed accidentally gives the player access to Window’s file explorer at the SYSTEM account level, even if they’re only logged in with a standard, non-admin user account.

When any new USB device is plugged into a Windows PC, the device is temporarily given SYSTEM-level access (which is the highest privilege level in the Windows user hierarchy) so the drivers can be installed in the Windows folder. This is usually a background process that doesn’t involve the user.

However, plugging in a Razer mouse for the first time opens up an installer for Razer’s Synapse software, which gives users the option to choose where the software is installed.

If a user chooses to the change the default install location, the software will bring up a File Explorer window to let them pick a new install folder. However, because this window is opened during the install process, the software still has system level rights, which means the user technically has administrator access.

Jonhat discovered that by Shift-right-clicking on this window, users can open a Windows Powershell window, which gives them a command-line prompt with full admin rights.

Users with admin access on a PC have full control over the PC’s software and settings. They can access all files on the PC, change security settings and install software and hardware.

A Razer mouse security flaw can give admin access to non-admin PC users
Twitter user jonhat demonstrated the flaw by creating a basic account with no privilege access and using Razer’s install software to gain system-level access

Theoretically, in a worst-case scenario, someone with a Razer mouse could use this workaround to install malware or spyware (such as keylogging software) on a PC that isn’t properly protected (such as a friend or partner’s computer, or a work PC).

A few days after jonhat’s discovery, he posted on Twitter that Razer had contacted him and told him its security team was “working on a fix ASAP”.

However, other users have since discovered similar problems in other USB hardware with installation software, such as gaming hardware company SteelSeries’ GG software, so it would appear that this is a security flaw that may need to be addressed by Microsoft itself.

Related Products
SAMSUNG 49-inch Odyssey G9 Gaming Monitor
Xbox Elite Series 2 Wireless Controller
NVIDIA GeForce RTX 3090 Ti 24GB
Other Products
Razer BlackWidow V3 Pro
Razer DeathStalker V2 Pro TKL Wireless
Corsair HS70 Pro Wireless Gaming Headset
Some external links on this page are affiliate links, if you click on our affiliate links and make a purchase we might receive a commission.