New vulnerability causes Windows to grant administrative rights when users just use Razer mouse

In the Windows operating system, there is a mechanism to grant permissions for each different user, not every user can do the same things on the same machine. In which the highest is administrative rights (Admin), able to access all applications, files and edit the permissions of others. Below that are regular users (User) and guests (Guest), who can only access a limited amount of applications and files and especially do not have the ability to edit their own and others’ permissions.

A recently discovered bug allows users to change user rights to admin in a very simple way, with just one step of plugging a mouse from Razer into the machine. This error sounds unbelievable and like a ridiculous detail in some Hollywood movie, but it happened in reality.

Accordingly, when plugging any Razer mouse into a Windows computer, the machine will automatically download its support application, Razer Synapse. In this application installer, the user can choose the location to save the attached file, and when pressing the Shift button and right-clicking, can open a PowerShell window – the computer driver with scripts with administrator access.

Immediately after this bug was discovered, Razer also released an official announcement: “We have received reports from users about being able to access machine control during the installation of the Synapse application. We’re working on the issue and will roll out an update as soon as possible, limiting the app’s permissions to not provide unauthorized third-party access to the device.”