Hackers leverage Razer mice driver updates to access Windows PCs

Reading time icon 2 min. read


Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more

Microsoft’s Windows operating system is receiving yet another security-flaw induced black eye, as hackers take advantage of its partnership with Razer.

Earlier today, information regarding a Windows exploitation that involves a specific Razer gaming software and driver installation surfaced and depicts an exploit that could give a hackers unprecedented access to a user’s computer.

The hack in specific relies on a simple driver update to Razer mouse that doubles as a system process for “Razer Installer”. If hacker can get physical access to or convenience a user to plug in a Razer mouse USB dongle, then the system installer will grant the hacker access to an elevated version of the Windows Explorer GUI and then grant permissions for local installation and access to items such as Windows PowerShell.

Adding fire to this explosive revelation is the fact that if the installation process is both completed, and the files saved to the desktop as they typically would be, hackers could have continued access to the PC’s subsystems.

Furthermore, once a completion is done, the physical necessity of a Razer mouse is no longer needed. Hackers could simply spoof the USB-ID and regain access to the PC.

When confronted about the security flaw, Razer has acknowledged its severity and plans to ship a fix in the coming weeks.

As for Microsoft’s role in the exploitative hack, there has been no official statement released from the company, but a temporary patch could be issued as part of its once-a-week cumulative update for Windows, that would put a pause to the automated driver download process for Razer mice.

User forum

0 messages