At the beginning of the week in the utility Razer for gaming peripherals brand Synapse a vulnerability was found that allowed gaining administrator rights in Windows 10 or Windows 11 when you connect a manufacturer’s mouse or keyboard to your computer. Today it became known that this can be done not only by users of Razer products.
Security Researcher Lawrence Amer found a similar “hole” in the utility SteelSeries… The specialist found out that at the time of installation, the user can open a command prompt window and perform any actions with administrator rights.
https://t.co/EJlxmBG9nj
– Lawrence 勞倫斯 (@ zux0x3a) August 23, 2023
As stated Tom’s guide, the problem is related to Windows itself, which does not distinguish between hardware drivers, the installation of which usually does not require administrator rights, and peripheral software, where this is necessary.
A SteelSeries spokesperson noted that the company is aware of the discovered vulnerability and has disabled the installer that launches when a new device is connected. SteelSeries engineers are currently working on a software update that will be released soon that will fix the issue permanently.
Read also: Intel Allows Overclocking Arc Graphics Cards With Proprietary Driver App…