image courtesy, techexplore
A security researcher on 21st August disclosed on twitter that a bug in devices of a gaming peripheral maker Razer comes with a zero-day vulnerability which allows a user to gain windows administrative privileges on windows 10, simply by plugging a Razer device such as mouse, keyboard or monitor. Jonhat went to publicly disclose this fact after not receiving any response from Razer.
Razer is famous for making peripheral devices and is known for gaming mouse and keyboards. On plugging these razer devices on windows 10 or 11, will automatically download a razer synapse software which then gives access to users to set up macros or configure Hardware devices. In short, users gain full access to admin privileges on installing synapse software, this zero day vulnerability was discovered by Jonhat the security researcher.
image courtsey, BornCity
According to BleepingComputer SYSTEM privileges are the highest user privileges that a user can gain in windows. It allows users to perform any sort of commands on windows and gives them absolute control of the operating systems and makes it incredibly easy to exploit. This can only happen if hackers install the device physically, but after that they can use it to download malicious malware software.
Razer reacted to the zero day vulnerability, after it gained wide attention on social media, they came in contact with Jonhat to inform them that they will try to fix this issue ASAP. They even gave him a bug bounty offer to report this bug even though he disclosed it publicly.