Hackers leverage Razer mice driver updates to access Windows PCs
Microsoft’s Windows operating system is receiving yet another security-flaw induced black eye, as hackers take advantage of its partnership with Razer.
Earlier today, information surfaced about a Windows exploit involving specific Razer gaming software and its driver installation, one that could give hackers unprecedented access to a user’s computer.
Specifically, the hack relies on a simple driver update for a Razer mouse that doubles as a system process for “Razer Installer”. If a hacker can get physical access to a PC, or convince a user to plug in a Razer mouse USB dongle, the system installer will grant the hacker access to an elevated version of the Windows Explorer GUI, and with it permissions for local installation and access to items such as Windows PowerShell.
Need local admin and have physical access?
– Plug a Razer mouse (or the dongle)
– Windows Update will download and execute RazerInstaller as SYSTEM
– Abuse elevated Explorer to open Powershell with Shift+Right click
Tried contacting @Razer, but no answers. So here's a freebie pic.twitter.com/xDkl87RCmz
— jonhat (@j0nh4t) August 21, 2021
Adding fire to this explosive revelation is the fact that if the installation process is completed and the files are saved to the desktop, as they typically would be, hackers could have continued access to the PC’s subsystems.
Furthermore, once the installation is complete, a physical Razer mouse is no longer needed. Hackers could simply spoof the USB-ID and regain access to the PC.
Additionally if you go through the installation process and define the save dir to user controllable path like Desktop. A service binary is saved there which can be hijacked for persistence and is executed before user logon on boot.
— jonhat (@j0nh4t) August 21, 2021
When confronted about the security flaw, Razer acknowledged its severity and plans to ship a fix in the coming weeks.
As for Microsoft’s role in the exploitative hack, the company has released no official statement, but a temporary patch that would pause the automated driver download process for Razer mice could be issued as part of its once-a-week cumulative update for Windows.
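For defenders, the two behaviours reported above (a shell running as SYSTEM beneath the installer, and a service binary saved to a user-controllable path) can be hunted for in endpoint telemetry. The sketch below is an added example, not code from the article or from Razer; the event fields, the `.exe` file name, the directory list and all sample records are assumptions constructed for illustration, and it walks the full process ancestry rather than only the direct parent.

```python
import ntpath

# Assumed names: the article only says "RazerInstaller"; the .exe suffix,
# the shell list and the writable-directory list are assumptions.
INSTALLER_IMAGES = {"razerinstaller.exe"}
SHELL_IMAGES = {"powershell.exe", "pwsh.exe", "cmd.exe"}
SYSTEM_USER = "nt authority\\system"
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")


def image_name(path):
    """Lower-cased file name of a Windows image path."""
    return ntpath.basename(path.strip('"')).lower()


def system_shells_from_installer(events):
    """PIDs of SYSTEM shells that have an installer process as an ancestor."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if image_name(e["image"]) not in SHELL_IMAGES:
            continue
        if e["user"].lower() != SYSTEM_USER:
            continue
        seen, parent = set(), by_pid.get(e["ppid"])
        while parent and parent["pid"] not in seen:  # guard against PID loops
            if image_name(parent["image"]) in INSTALLER_IMAGES:
                hits.append(e["pid"])
                break
            seen.add(parent["pid"])
            parent = by_pid.get(parent["ppid"])
    return hits


def services_in_user_paths(services):
    """Names of services whose binary lives under a user-writable directory."""
    return [name for name, path in services.items()
            if path.lstrip('"').lower().startswith(USER_WRITABLE)]


# Constructed sample telemetry (not real logs).
SYSTEM = "NT AUTHORITY\\SYSTEM"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EVENTS = [
    {"pid": 400, "ppid": 4, "image": r"C:\Windows\System32\svchost.exe", "user": SYSTEM},
    {"pid": 812, "ppid": 400, "image": r"C:\Windows\Temp\RazerInstaller.exe", "user": SYSTEM},
    {"pid": 990, "ppid": 812, "image": PS, "user": SYSTEM},
    {"pid": 1200, "ppid": 700, "image": PS, "user": "DESKTOP-1\\alice"},
]
SERVICES = {
    "Spooler": r"C:\Windows\System32\spoolsv.exe",
    "ExampleVendorSvc": r'"C:\Users\alice\Desktop\Vendor\service.exe" --run',
}
```

In practice the events would come from process-creation logging and the service list from the Service Control Manager configuration; a hit on either check is a lead to investigate, not proof of compromise.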