On Windows computers, there are different user levels, ranging from Guest users and Admins. Obviously the distinction here would be permissions, where those with Admin status can do more to the system and make deeper system level changes compared to a Guest user, which is why it’s important to designate these user levels accordingly.
However, it seems that due to a bug/vulnerability with Razer’s Synapse software, it seems that anyone with a Razer mouse or keyboard can easily give themselves SYSTEM privileges on a Windows machine. This is according to a tweet by @j0nh4t who shared the bug on Twitter.
Need local admin and have physical access?
– Plug a Razer mouse (or the dongle)
– Windows Update will download and execute RazerInstaller as SYSTEM
– Abuse elevated Explorer to open Powershell with Shift+Right click
— jonhat (@j0nh4t) August 21, 2021
How this works is that whenever you plug a Razer keyboard or mouse to your computer, Windows will automatically download Razer Synapse, which is the software that Razer uses to control certain settings of its accessories. During the installation process, when Windows prompts which folder you’d like to save the software to, Shift and right-clicking the “Choose a Folder” button will let users launch a PowerShell window.
Since the software has SYSTEM privileges, what this means is that even users who aren’t an Admin will now have admin-level privileges and can do pretty much whatever they want in the PowerShell window. That being said, this exploit hinges on users having physical access to the computer and also having a Razer peripheral with them.
Razer has since commented that a patch is in development that will close off this exploit, but until then, disabling your computer’s USB ports will be one way to secure yourself until this problem is fixed.