Security researchers have discovered a bug that gives you admin privileges in Windows 10 by simply plugging in a Razer device. The security flaw has to do with the Razer Synapse software that lets you configure your Razer devices, map buttons, set up macros, and more.
The bug was discovered by security researcher jonhat who found a zero-day vulnerability in the plug-and-play Razer Synapse installation that quickly gives you admin privileges in Windows 10.
Admin privileges are the highest level of user rights which let you take control of the whole system, letting you install or remove anything as you please, including malware. This also lets you perform any system-level command on the operating system.
The way it works is that once you plug in a Razer mouse or keyboard into your PC, Windows Update will automatically download and install Razer Synapse. The RazerInstaller will be executed as SYSTEM once it’s done downloading.
The security researcher explains how the bug works in a short video in his tweet.
The good news, however, is that the security researcher reached out to Razer and the company has said that their security team is working on a fix. This means that a security patch should be released soon.