Category: General|Aug 23, 2021 | Author: Admin

Razer Synapse can hack machines: plug in your mouse to become a Windows 10 admin

Share on

If you use one or more Razer products, you have probably come across Synapse.

Razer is aware of this shocking security flaw
Now the program is in the spotlight not due to improvements, but a scary hole that is very easy to exploit: when you plug in a device, mouse as keyboard, Windows 10 and 11 automatically download Synapse.

 

Razer wants to make it as easy as possible for customers, and that is basically a good thing - until holes are discovered, and that is something that will always occur. In other words, this feature should be disabled forever.

 

No manufacturer should auto-install this way
To understand how easy it is to take advantage of this, you need to understand what happens in the background when connecting Razer USB devices

 

Windows Update downloads and run RazerInstaller as a "system". When this happens, all you have to do is open Powershell with administrator privileges (shift and right mouse click at the same time).

 

Razer is working on a solution (the company promises rewards even though the error was widely known by "jonhat"), but now the question is: how many other products can trigger the same problem?

Sponsored Ads:

Comments:


Microsoft to start force-upgrading Windows 22H2 systems next month

Category: Microsoft|Sep 10, 2024 | Author: Admin

Mozilla extends Firefox support on unsupported Windows versions to March 2025

Category: IT|Sep 9, 2024 | Author: Admin

Apache fixes critical OFBiz remote code execution vulnerability

Category: IT|Sep 8, 2024 | Author: Admin

SonicWall SSLVPN access control flaw is now exploited in attacks

Category: IT|Sep 7, 2024 | Author: Admin

Microsoft Office 2024 to disable ActiveX controls by default

Category: Microsoft|Sep 6, 2024 | Author: Admin

LiteSpeed Cache bug exposes 6 million WordPress sites to takeover attacks

Category: IT|Sep 5, 2024 | Author: Admin

Cisco warns of backdoor admin account in Smart Licensing Utility

Category: IT|Sep 4, 2024 | Author: Admin

D-Link says it is not fixing four RCE flaws in DIR-846W routers

Category: IT|Sep 3, 2024 | Author: Admin

The Google Play Store can finally update multiple apps at the same time

Category: Google|Sep 2, 2024 | Author: Admin

Now the iPhone buttons don't work

Category: Apple|Sep 1, 2024 | Author: Admin

Some Android smartphones have been found to contain a hidden security vulnerability

Category: General|Aug 31, 2024 | Author: Admin

Over 200 million users a week

Category: Apple|Aug 30, 2024 | Author: Admin

Chrome will redact credit cards, passwords when you share Android screen

Category: General|Aug 29, 2024 | Author: Admin

Google increases Chrome bug bounty rewards up to $250,000

Category: Google|Aug 28, 2024 | Author: Admin

Microsoft: Exchange Online mistakenly tags emails as malware

Category: Microsoft|Aug 27, 2024 | Author: Admin
more